Fix MITRE ATT&CK mappings per CodeRabbit review

- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
This commit is contained in:
MAGI
2026-03-17 17:12:05 -06:00
committed by Julio César Suástegui
parent 5e62a7ea2c
commit 42258456e8
32 changed files with 31 additions and 36 deletions
@@ -4,7 +4,7 @@ description: Use Sysinternals Autoruns to systematically identify and analyze ma
domain: cybersecurity
subdomain: malware-analysis
tags: [autoruns, persistence, malware-analysis, sysinternals, windows, registry, startup, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1547", "T1053", "T1543", "T1574"]
version: "1.0"
author: mahipal
license: Apache-2.0
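Review bot: this file's subdomain is malware-analysis, which the commit message lists as out of scope and says loses its mapping, yet the key is replaced rather than removed. Either drop the key here, as was done for the PowerShell deobfuscation skill, or amend the message to say which malware-analysis files keep a mapping. The persistence set itself (T1547, T1053, T1543, T1574) matches the Autoruns content.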
@@ -9,7 +9,7 @@ description: >
domain: cybersecurity
subdomain: malware-analysis
tags: [malware, memory-forensics, Volatility, RAM-analysis, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1003", "T1055", "T1620", "T1574"]
version: 1.0.0
author: mahipal
license: Apache-2.0
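Review bot: same scope question as the other malware-analysis files: the commit message says these mappings are removed, but this hunk replaces the key with T1003/T1055/T1620/T1574. Separately, T1574 is added here while the Volatility3 file in this same commit drops T1574 from the identical set; the two memory-forensics skills should agree on whether Hijack Execution Flow is in scope.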
@@ -4,7 +4,7 @@ description: Detect and analyze Linux persistence mechanisms including crontab e
domain: cybersecurity
subdomain: threat-hunting
tags: [linux-persistence, crontab, systemd, ld-preload, auditd, threat-hunting, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1053", "T1543", "T1574", "T1546"]
version: "1.0"
author: mahipal
license: Apache-2.0
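Review bot: the set lines up with the tags (crontab to T1053, systemd to T1543, ld-preload to T1574). One consistency point: the Prefetch file in this commit uses a sub-technique id (T1070.004) while this file stays at technique level even though ld-preload corresponds directly to the T1574.006 sub-technique; pick one granularity for the repository.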
@@ -4,7 +4,7 @@ description: Parse Windows Prefetch files using the windowsprefetch Python libra
domain: cybersecurity
subdomain: digital-forensics
tags: [digital-forensics, windows, prefetch, execution-history, incident-response, malware-analysis]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1059", "T1204", "T1036", "T1070.004"]
version: "1.0"
author: mahipal
license: Apache-2.0
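Review bot: the subdomain here is digital-forensics, which the commit message says has its mappings removed, but this hunk adds T1059/T1204/T1036/T1070.004 instead. Most digital-forensics files in this commit keep a mapping and only the Eric Zimmerman tools file drops it, so the third bullet of the message does not describe what the diff does; reword it. Also, T1070.004 is the only sub-technique id in the whole diff.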
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: soc-operations
tags: [soc, dashboard, incident-response, splunk, visualization, situational-awareness, metrics]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1190", "T1566", "T1486"]
version: "1.0"
author: mahipal
license: Apache-2.0
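Review bot: T1190 was one of the three generic ids the commit message says are being replaced, but it is reintroduced in this new mapping. A SOC dashboard skill does not exercise a particular technique; consider dropping the key, as was done for other non-technique-specific files, or state in the message why T1190 survives here.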
@@ -4,7 +4,7 @@ description: Implement a phishing report button in email clients with automated
domain: cybersecurity
subdomain: phishing-defense
tags: [phishing-reporting, email-security, incident-response, security-awareness, outlook, microsoft-365, soar]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1566", "T1204", "T1534"]
version: "1.0"
author: mahipal
license: Apache-2.0
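Review bot: the phishing set here (T1566, T1204, T1534) matches the commit message, but two other phishing files in this commit additionally carry T1598; decide whether Phishing for Information belongs in the standard phishing set and apply it uniformly.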
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: soc-operations
tags: [soc, ransomware, incident-response, playbook, nist, mitre-attack, containment]
mitre_attack: ["T1190", "T1566", "T1078"]
mitre_attack: ["T1486", "T1490", "T1489", "T1570"]
version: "1.0"
author: mahipal
license: Apache-2.0
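Review bot: T1570 is added here although the commit message's ransomware set is T1486/T1490/T1489, and the two ransomware-defense files in this commit explicitly drop T1570. Either include T1570 in the documented set or remove it here.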
@@ -4,7 +4,6 @@ description: Systematically deobfuscate multi-layer PowerShell malware using AST
domain: cybersecurity
subdomain: malware-analysis
tags: [powershell, deobfuscation, malware-analysis, scripting, obfuscation, ast-analysis, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
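Review bot: removing the key is consistent with the commit message for malware-analysis, but the Autoruns and Volatility files with the same subdomain keep a mapping, so the rule is not applied uniformly. If the frontmatter schema treats mitre_attack as optional this is fine; if validation expects the key, this file will now fail it.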
@@ -9,7 +9,7 @@ description: >
domain: cybersecurity
subdomain: endpoint-security
tags: [endpoint, osquery, endpoint-monitoring, threat-hunting, fleet-management]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1547", "T1053", "T1543", "T1059"]
version: 1.0.0
author: mahipal
license: Apache-2.0
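Review bot: T1059 is carried over from the old generic triple. Process and shell monitoring are a reasonable osquery use, so that is defensible, but the commit message presents T1059 as one of the ids being replaced; a one-line note on where it is intentionally kept would avoid the contradiction.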
@@ -11,7 +11,6 @@ description: >
domain: cybersecurity
subdomain: ot-ics-security
tags: [ot-security, ics, scada, industrial-control, iec62443, intrusion-detection, threat-detection]
mitre_attack: ["T1190", "T1059", "T1078"]
version: 1.0.0
author: mahipal
license: Apache-2.0
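Review bot: dropping the key for ot-ics-security files is consistent with the commit message. Since ATT&CK for ICS has its own technique namespace (T08xx ids), a brief note in the message that these skills are expected to map to the ICS matrix later would make the removal look deliberate rather than forgotten.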
@@ -4,7 +4,7 @@ description: Automate AWS GuardDuty threat detection findings processing using E
domain: cybersecurity
subdomain: cloud-security
tags: [aws, guardduty, eventbridge, lambda, threat-detection, automation, incident-response, siem]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1078", "T1537", "T1580"]
version: "1.0"
author: mahipal
license: Apache-2.0
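Review bot: the commit message lists the cloud set as T1078/T1537/T1580/T1098, but this file omits T1098 while the CloudTrail forensics file includes it. If Account Manipulation is out of scope for GuardDuty finding automation, say so; otherwise add it here.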
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: cloud-security
tags: [cloud-security, credential-compromise, threat-detection, guardduty, incident-response, anomaly-detection]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1078", "T1528", "T1550"]
version: "1.0"
author: mahipal
license: Apache-2.0
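Review bot: T1528 appears here but in neither the cloud set nor the credentials set listed in the commit message; add it to the message so the summary matches the diff. The mapping itself fits the credential-compromise tags.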
@@ -4,7 +4,7 @@ description: Extract cached credentials, password hashes, Kerberos tickets, and
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, credential-extraction, memory-forensics, volatility, mimikatz, password-hashes, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1003", "T1558", "T1550"]
version: "1.0"
author: mahipal
license: Apache-2.0
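Review bot: subdomain is digital-forensics, which the commit message says loses its mappings, but the key is replaced with the credentials set (T1003, T1558, T1550). The set matches the tags (mimikatz, password-hashes, Kerberos tickets); the problem is only the commit message.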
@@ -4,7 +4,7 @@ description: Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsa
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, windows-event-logs, evtx, chainsaw, hayabusa, sigma-rules, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1070", "T1059", "T1547"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -8,7 +8,7 @@ description: >
false positives through rule tuning and logging analysis.
domain: cybersecurity
subdomain: cloud-security
tags: [cloud-waf, aws-waf, azure-waf, cloudflare-waf, owasp-protection, rate-limiting]
tags: [cloud-waf, aws-waf, owasp-protection, rate-limiting, geo-blocking]
version: 1.0.0
author: mahipal
license: Apache-2.0
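Review bot: this hunk edits tags, not mitre_attack, and narrows the skill from multi-vendor (azure-waf, cloudflare-waf removed) to AWS plus geo-blocking; that is a scope change the commit message does not mention. Either split it into its own commit or add a bullet for it.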
@@ -265,7 +265,7 @@ After 7-14 days of Count mode with acceptable false positive rates, switch manag
## Output Format
```text
```
Cloud WAF Configuration Report
================================
Web ACL: production-waf
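Review bot: this hunk only adds a language hint to the fence that opens the Output Format block; harmless, but unrelated to ATT&CK mappings and, like the tag change in the same file, it should be mentioned in the commit message or moved to a separate commit.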
@@ -4,7 +4,7 @@ description: Deploy and configure Wazuh SIEM/XDR for endpoint detection includin
domain: cybersecurity
subdomain: security-operations
tags: [siem, xdr, wazuh, endpoint-detection, custom-rules, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1547", "T1053", "T1059", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -8,7 +8,6 @@ description: >
domain: cybersecurity
subdomain: ot-ics-security
tags: [ot-security, ics, incident-response, playbook, sans, iec62443, nist, safety-critical]
mitre_attack: ["T1190", "T1566", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -10,7 +10,6 @@ description: >
domain: cybersecurity
subdomain: ot-ics-security
tags: [ot-security, ics, scada, industrial-control, iec62443, patch-management, vulnerability-management]
mitre_attack: ["T1190", "T1059", "T1078"]
version: 1.0.0
author: mahipal
license: Apache-2.0
@@ -11,7 +11,7 @@ description: >
domain: cybersecurity
subdomain: ransomware-defense
tags: [ransomware, backup, incident-response, defense, recovery, immutable-storage]
mitre_attack: ["T1486", "T1490", "T1489", "T1021", "T1570"]
mitre_attack: ["T1486", "T1490", "T1489"]
version: 1.0.0
author: mahipal
license: Apache-2.0
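Review bot: dropping T1021 and T1570 here matches the commit message's ransomware set, but the ransomware forensics file in this commit keeps T1570 and the SOC ransomware playbook adds it; resolve that so the ransomware skills share one set.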
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: soc-operations
tags: [soc, soar, phantom, splunk-soar, automation, playbook, orchestration, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1566", "T1059", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
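Review bot: the new list (T1566, T1059, T1078) keeps two of the three ids the commit message describes as generic, so only T1190 is actually replaced. A SOAR orchestration skill is not tied to a technique; consider dropping the key or choosing ids that reflect the playbooks the skill covers.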
@@ -4,7 +4,7 @@ description: Automate phishing incident response using Splunk SOAR REST API to c
domain: cybersecurity
subdomain: security-operations
tags: [soar, splunk-phantom, phishing, incident-response]
mitre_attack: ["T1190", "T1566", "T1078"]
mitre_attack: ["T1566", "T1204", "T1534", "T1598"]
version: "1.0"
author: mahipal
license: Apache-2.0
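Review bot: T1598 is added here but is absent from the phishing set in the commit message and from the phishing report button file; apply one phishing set across the phishing skills and document it in the message.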
@@ -4,7 +4,7 @@ description: Implement automated incident response playbooks in Cortex XSOAR to
domain: cybersecurity
subdomain: soc-operations
tags: [xsoar, soar, palo-alto, playbook, automation, incident-response, orchestration, cortex]
mitre_attack: ["T1190", "T1566", "T1078"]
mitre_attack: ["T1566", "T1204", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -1,10 +1,10 @@
---
name: implementing-zero-trust-network-access
description: >
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring
identity-aware proxies, micro-segmentation, continuous verification with conditional
access policies, and replacing traditional VPN-based access with BeyondCorp-style
architectures across AWS, Azure, and GCP.
Implementing Zero Trust Network Access (ZTNA) in cloud environments by deploying
GCP Identity-Aware Proxy, AWS Verified Access, and Azure Conditional Access with
Private Link. Covers micro-segmentation with security groups and Kubernetes network
policies, and replacing traditional VPN-based access with identity-based controls.
domain: cybersecurity
subdomain: cloud-security
tags: [cloud-security, zero-trust, ztna, beyondcorp, identity-aware-proxy, micro-segmentation]
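Review bot: this hunk rewrites the ZTNA description and touches no mitre_attack key, so it belongs in a separate commit or needs its own bullet in the message. Also, the new description no longer mentions BeyondCorp while the tags line still carries beyondcorp; update the tag or keep a reference in the description.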
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: soc-operations
tags: [soc, phishing, incident-response, email-security, splunk, defender, sandbox]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1566", "T1204", "T1534", "T1598"]
version: "1.0"
author: mahipal
license: Apache-2.0
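Review bot: this is the second phishing file that adds T1598 beyond the T1566/T1204/T1534 set the commit message documents; either extend the documented set or drop T1598 here and in the Splunk SOAR phishing file.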
@@ -4,7 +4,7 @@ description: Identify, collect, and analyze ransomware attack artifacts to deter
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, ransomware, malware-analysis, incident-response, encryption-recovery, evidence-collection]
mitre_attack: ["T1486", "T1490", "T1489", "T1021", "T1570"]
mitre_attack: ["T1486", "T1490", "T1489", "T1570"]
version: "1.0"
author: mahipal
license: Apache-2.0
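Review bot: T1021 is dropped but T1570 is kept, whereas the two ransomware-defense files drop both. If Lateral Tool Transfer is relevant to ransomware artifact collection it is equally relevant to recovery planning, so align the sets or state why forensics differs.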
@@ -4,7 +4,7 @@ description: Conduct forensic investigations in cloud environments by collecting
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, cloud-forensics, aws, azure, gcp, incident-response, log-analysis]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1078", "T1537", "T1580"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -4,7 +4,7 @@ description: Perform forensic investigation of AWS environments using CloudTrail
domain: cybersecurity
subdomain: cloud-security
tags: [cloud-security, aws, cloudtrail, forensics, incident-response, dfir, boto3, s3]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1078", "T1098", "T1537", "T1562"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -4,7 +4,7 @@ description: Systematically investigate all persistence mechanisms on Windows an
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, malware-persistence, autoruns, registry, scheduled-tasks, rootkit-detection, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1547", "T1053", "T1543", "T1574"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -4,7 +4,7 @@ description: Analyze memory dumps using Volatility3 plugins to detect injected c
domain: cybersecurity
subdomain: malware-analysis
tags: [memory-forensics, volatility3, malware-analysis, incident-response, process-injection, rootkit-detection, dfir]
mitre_attack: ["T1003", "T1055", "T1620", "T1574"]
mitre_attack: ["T1003", "T1055", "T1620"]
version: "1.0"
author: mahipal
license: Apache-2.0
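Review bot: T1574 is removed here but added to the other Volatility memory-forensics file in this same commit; the two should agree. T1003/T1055/T1620 fit the process-injection and rootkit-detection tags.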
@@ -8,7 +8,7 @@ description: >
domain: cybersecurity
subdomain: soc-operations
tags: [soc, tabletop, exercise, incident-response, training, nist, playbook-validation]
mitre_attack: ["T1190", "T1059", "T1078"]
mitre_attack: ["T1566", "T1486", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
@@ -4,7 +4,6 @@ description: Perform comprehensive Windows forensic artifact analysis using Eric
domain: cybersecurity
subdomain: digital-forensics
tags: [eric-zimmerman, ez-tools, kape, mftecmd, pecmd, lecmd, jlecmd, registry-forensics, windows-forensics, timeline-explorer, dfir, artifact-analysis]
mitre_attack: ["T1190", "T1059", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
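Review bot: this is the only digital-forensics file whose key is removed; six other files in the same subdomain receive replacement mappings in this commit. Pick one treatment, or explain why this artifact-analysis skill is the exception.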
@@ -11,7 +11,7 @@ description: >
domain: cybersecurity
subdomain: ransomware-defense
tags: [ransomware, recovery, incident-response, backup, defense]
mitre_attack: ["T1486", "T1490", "T1489", "T1021", "T1570"]
mitre_attack: ["T1486", "T1490", "T1489"]
version: 1.0.0
author: mahipal
license: Apache-2.0