mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 18:13:43 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,45 @@
|
||||
---
|
||||
name: implementing-cloud-workload-protection
|
||||
description: >
|
||||
Implements cloud workload protection using boto3 and google-cloud APIs for runtime
|
||||
security monitoring, process anomaly detection, and file integrity checking on EC2/GCE
|
||||
instances. Scans for cryptomining, reverse shells, and unauthorized binaries.
|
||||
Use when building runtime security controls for cloud compute workloads.
|
||||
---
|
||||
|
||||
# Implementing Cloud Workload Protection
|
||||
|
||||
## Instructions
|
||||
|
||||
Monitor cloud workloads for runtime threats by checking process lists, network
|
||||
connections, file integrity, and resource utilization anomalies.
|
||||
|
||||
```python
|
||||
import boto3
|
||||
|
||||
ssm = boto3.client("ssm")
|
||||
# Run command on EC2 instances to check for suspicious processes
|
||||
response = ssm.send_command(
|
||||
InstanceIds=["i-1234567890abcdef0"],
|
||||
DocumentName="AWS-RunShellScript",
|
||||
Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]},
|
||||
)
|
||||
```
|
||||
|
||||
Key protection areas:
|
||||
1. Process monitoring for cryptominers and reverse shells
|
||||
2. File integrity monitoring on critical system files
|
||||
3. Network connection auditing for C2 callbacks
|
||||
4. Resource utilization anomaly detection (CPU spikes)
|
||||
5. Unauthorized binary detection via hash comparison
|
||||
|
||||
## Examples
|
||||
|
||||
```python
|
||||
# Check for unauthorized outbound connections
|
||||
ssm.send_command(
|
||||
InstanceIds=instances,
|
||||
DocumentName="AWS-RunShellScript",
|
||||
Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]},
|
||||
)
|
||||
```
|
||||
Reference in New Issue
Block a user