Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2026-06-13 06:34:57 +03:00 · 2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
@@ -0,0 +1,72 @@
+# API Reference: Implementing Zero Trust in Cloud
+
+## Libraries
+
+### boto3 (AWS Zero Trust Checks)
+- **Install**: `pip install boto3`
+- IAM: `list_users()`, `list_mfa_devices()`, `get_account_summary()`
+- EC2: `describe_instances()`, `describe_security_groups()`
+- S3: `get_bucket_encryption()`, `get_public_access_block()`
+- CloudTrail: `describe_trails()`, `get_trail_status()`
+
+### azure-identity + azure-mgmt-authorization
+- **Install**: `pip install azure-identity azure-mgmt-authorization`
+- `AuthorizationManagementClient` -- RBAC role assignments
+- `DefaultAzureCredential()` -- Auto-detect auth
+
+### google-cloud-compute
+- **Install**: `pip install google-cloud-compute`
+- `FirewallsClient` -- VPC firewall rules audit
+- `InstancesClient` -- VM network configuration
+
+## Zero Trust Pillars (NIST SP 800-207)
+
+| Pillar | Key Checks |
+|--------|-----------|
+| Identity | MFA enforcement, least privilege, conditional access |
+| Device | Compliance policies, MDM, certificate identity |
+| Network | Micro-segmentation, private endpoints, no public IPs |
+| Application | OAuth2/OIDC, API gateway auth, no VPN dependency |
+| Data | Encryption at rest/transit, DLP, classification |
+| Visibility | Centralized logging, SIEM, UEBA, real-time alerts |
+
+## AWS Zero Trust Services
+
+| Service | Zero Trust Function |
+|---------|-------------------|
+| IAM Identity Center | Centralized identity and SSO |
+| VPC PrivateLink | Private service connectivity |
+| Verified Access | Identity-based application access |
+| Security Hub | Continuous posture assessment |
+| GuardDuty | Threat detection and monitoring |
+| CloudTrail | API activity audit logging |
+
+## Azure Zero Trust Services
+
+| Service | Zero Trust Function |
+|---------|-------------------|
+| Entra ID Conditional Access | Policy-based access decisions |
+| Azure Private Link | Private endpoint connectivity |
+| Microsoft Defender for Cloud | CSPM and CWP |
+| Azure Sentinel | SIEM and SOAR |
+
+## GCP Zero Trust Services
+
+| Service | Zero Trust Function |
+|---------|-------------------|
+| BeyondCorp Enterprise | Identity-Aware Proxy |
+| VPC Service Controls | API-level perimeter |
+| Binary Authorization | Container image trust |
+| Security Command Center | Cloud posture management |
+
+## Maturity Levels
+- **Traditional**: Perimeter-based, VPN-dependent, implicit trust
+- **Initial**: Some identity verification, partial segmentation
+- **Advanced**: Continuous verification, micro-segmentation, encrypted everywhere
+
+## External References
+- NIST SP 800-207: https://csrc.nist.gov/pubs/sp/800/207/final
+- Google BeyondCorp: https://cloud.google.com/beyondcorp
+- AWS Verified Access: https://docs.aws.amazon.com/verified-access/
+- Azure Zero Trust: https://learn.microsoft.com/en-us/security/zero-trust/
+- CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model