mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 13:39:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
# Standards and References - XM Cyber Attack Path Analysis
|
||||
|
||||
## XM Cyber Resources
|
||||
- XM Cyber Platform: https://xmcyber.com/
|
||||
- 2024 State of Exposure Management Report: https://info.xmcyber.com/2024-state-of-exposure-management
|
||||
- CTEM (Continuous Threat Exposure Management): https://xmcyber.com/ctem/
|
||||
- XM Cyber EASM Integration: https://xmcyber.com/press-release/xm-cyber-unifies-external-discovery-with-internal-validation/
|
||||
|
||||
## Industry Frameworks
|
||||
- **Gartner CTEM**: Continuous Threat Exposure Management framework (2022)
|
||||
- **MITRE ATT&CK**: Lateral movement and privilege escalation techniques
|
||||
- **NIST CSF 2.0**: Identify, Protect, Detect functions
|
||||
- **CIS Controls v8.1 Control 7**: Continuous Vulnerability Management
|
||||
|
||||
## Research Findings (2024)
|
||||
| Metric | Finding |
|
||||
|--------|---------|
|
||||
| Avg exposures per org | ~15,000 |
|
||||
| CVE-based exposures | < 1% of total |
|
||||
| Misconfiguration exposures | ~80% |
|
||||
| Identity/credential exposures | ~40% |
|
||||
| Critical choke points | 2% of all exposures |
|
||||
| On-prem to cloud pivot | 70% of organizations |
|
||||
| Cloud assets compromised in 2 hops | 93% |
|
||||
|
||||
## Related Technologies
|
||||
- BloodHound/SharpHound: Active Directory attack path analysis
|
||||
- PurpleKnight: AD security assessment
|
||||
- CrowdStrike Falcon Exposure Management
|
||||
- Tenable Identity Exposure
|
||||
- Microsoft Defender for Identity
|
||||
@@ -0,0 +1,56 @@
|
||||
# Workflows - XM Cyber Attack Path Analysis
|
||||
|
||||
## Workflow 1: Continuous Exposure Management Lifecycle
|
||||
|
||||
```
|
||||
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
|
||||
│ Define Critical │────>│ Deploy Sensors │────>│ Run Attack Graph │
|
||||
│ Assets (Crown │ │ (On-prem + Cloud)│ │ Analysis │
|
||||
│ Jewels) │ │ │ │ │
|
||||
└──────────────────┘ └──────────────────┘ └──────────────────┘
|
||||
│
|
||||
┌────────────────────────────────────────────────┘
|
||||
v
|
||||
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
|
||||
│ Identify Choke │────>│ Prioritize │────>│ Remediate & │
|
||||
│ Points │ │ Remediation │ │ Validate │
|
||||
└──────────────────┘ └──────────────────┘ └──────────────────┘
|
||||
│
|
||||
v
|
||||
┌──────────────────┐
|
||||
│ Continuous │ (Loop back to Attack Graph Analysis)
|
||||
│ Monitoring │
|
||||
└──────────────────┘
|
||||
```
|
||||
|
||||
## Workflow 2: Choke Point Remediation
|
||||
|
||||
```
|
||||
For each identified choke point:
|
||||
1. Document the entity (host, credential, misconfiguration)
|
||||
2. Map all attack paths passing through this choke point
|
||||
3. List all critical assets protected if choke point is fixed
|
||||
4. Determine remediation action (patch, reconfig, credential rotation)
|
||||
5. Estimate fix complexity (easy/moderate/complex)
|
||||
6. Calculate risk reduction score (paths * assets / complexity)
|
||||
7. Assign to remediation team with priority and SLA
|
||||
8. After fix: re-run analysis to confirm path elimination
|
||||
9. Document residual risk if paths still exist
|
||||
```
|
||||
|
||||
## Workflow 3: Attack Path to Remediation Ticket
|
||||
|
||||
```
|
||||
XM Cyber Finding:
|
||||
"Cached Domain Admin credential on WORKSTATION-042
|
||||
enables 47 attack paths to Domain Controller DC-01"
|
||||
│
|
||||
v
|
||||
Remediation Ticket:
|
||||
Priority: P1-Emergency
|
||||
Title: "Remove cached DA cred on WORKSTATION-042"
|
||||
Action: Clear credential cache, implement LAPS,
|
||||
restrict DA logon to Tier 0 only
|
||||
Impact: Eliminates 47 attack paths to DC-01
|
||||
SLA: 48 hours
|
||||
```
|
||||
Reference in New Issue
Block a user