mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 21:19:40 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,50 @@
|
||||
---
|
||||
name: implementing-security-chaos-engineering
|
||||
description: >
|
||||
Implements security chaos engineering experiments that deliberately disable or degrade
|
||||
security controls to verify detection and response capabilities. Tests WAF bypass,
|
||||
firewall rule removal, log pipeline disruption, and EDR disablement scenarios using
|
||||
boto3 and subprocess. Use when validating SOC detection coverage and resilience.
|
||||
---
|
||||
|
||||
# Implementing Security Chaos Engineering
|
||||
|
||||
## Instructions
|
||||
|
||||
Design and execute security chaos experiments that intentionally break security
|
||||
controls to verify that detection, alerting, and response systems work correctly.
|
||||
|
||||
```python
|
||||
# Example: Verify detection when a security group is opened
|
||||
import boto3
|
||||
ec2 = boto3.client("ec2")
|
||||
|
||||
# Chaos experiment: temporarily add 0.0.0.0/0 rule
|
||||
ec2.authorize_security_group_ingress(
|
||||
GroupId="sg-12345",
|
||||
IpProtocol="tcp", FromPort=22, ToPort=22,
|
||||
CidrIp="0.0.0.0/0",
|
||||
)
|
||||
# Verify: does GuardDuty/Config alert fire within SLA?
|
||||
# Rollback: remove the rule after verification
|
||||
```
|
||||
|
||||
Key experiments:
|
||||
1. Open a security group and verify Config Rule alerts
|
||||
2. Disable CloudTrail and verify detection time
|
||||
3. Create IAM admin user and verify alert triggers
|
||||
4. Simulate log pipeline failure and check monitoring gaps
|
||||
5. Deploy test malware hash and verify EDR response
|
||||
|
||||
## Examples
|
||||
|
||||
```python
|
||||
# Rollback function for safe experiment execution
|
||||
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
|
||||
try:
|
||||
setup_fn()
|
||||
result = verify_fn(timeout)
|
||||
finally:
|
||||
rollback_fn()
|
||||
return result
|
||||
```
|
||||
Reference in New Issue
Block a user