mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
Add 10 new cybersecurity skills with full folder anatomy
Skills added: - implementing-privileged-access-workstation (IAM, PAW hardening) - detecting-suspicious-oauth-application-consent (cloud security, Graph API) - performing-hardware-security-module-integration (cryptography, PKCS#11) - analyzing-android-malware-with-apktool (malware analysis, androguard) - hunting-for-unusual-service-installations (threat hunting, T1543.003) - detecting-shadow-it-cloud-usage (cloud security, proxy/DNS log analysis) - performing-active-directory-forest-trust-attack (red team, impacket) - implementing-deception-based-detection-with-canarytoken (deception, Canary API) - analyzing-office365-audit-logs-for-compromise (cloud security, BEC detection) - hunting-for-startup-folder-persistence (threat hunting, T1547.001) Each skill includes SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,52 @@
|
||||
# API Reference — Implementing Privileged Access Workstation
|
||||
|
||||
## Libraries Used
|
||||
- **subprocess**: Execute PowerShell cmdlets for device hardening, group membership, software inventory
|
||||
- **json**: Parse PowerShell ConvertTo-Json output
|
||||
|
||||
## CLI Interface
|
||||
```
|
||||
python agent.py harden
|
||||
python agent.py admins
|
||||
python agent.py software
|
||||
python agent.py network
|
||||
python agent.py full
|
||||
```
|
||||
|
||||
## Core Functions
|
||||
|
||||
### `check_device_hardening()` — Audit 7 PAW hardening controls
|
||||
Checks: Credential Guard, VBS status, Secure Boot, BitLocker, AppLocker,
|
||||
Windows Firewall profiles, UAC level via registry.
|
||||
|
||||
### `check_local_admin_group()` — JIT access audit
|
||||
Enumerates local Administrators group via `Get-LocalGroupMember`.
|
||||
Flags unexpected members not matching known admin accounts.
|
||||
|
||||
### `check_installed_software()` — Software allowlist enforcement
|
||||
Queries installed software from registry. Checks against blocked list:
|
||||
browsers (Chrome, Firefox), personal apps (Spotify, Steam, Slack, Zoom, Dropbox).
|
||||
|
||||
### `check_network_restrictions()` — Network isolation verification
|
||||
Counts outbound firewall block rules. Tests general internet connectivity.
|
||||
PAW Tier 0 should block internet — only management endpoints allowed.
|
||||
|
||||
### `full_paw_audit()` — Comprehensive compliance report
|
||||
|
||||
## PAW Hardening Checks
|
||||
| Check | PowerShell Source | Pass Criteria |
|
||||
|-------|------------------|---------------|
|
||||
| Credential Guard | Win32_DeviceGuard | SecurityServicesRunning > 0 |
|
||||
| VBS | Win32_DeviceGuard | VirtualizationBasedSecurityStatus = 2 |
|
||||
| Secure Boot | Confirm-SecureBootUEFI | Returns True |
|
||||
| BitLocker | Get-BitLockerVolume | ProtectionStatus = On |
|
||||
| AppLocker | Get-AppLockerPolicy | RuleCollection count > 0 |
|
||||
| Firewall | Get-NetFirewallProfile | All profiles enabled |
|
||||
| UAC | Registry query | ConsentPromptBehaviorAdmin >= 2 |
|
||||
|
||||
## Blocked Software Patterns
|
||||
chrome, firefox, spotify, steam, vlc, zoom, slack, dropbox, itunes, whatsapp, telegram
|
||||
|
||||
## Dependencies
|
||||
No external packages — Python standard library only.
|
||||
Requires: Windows 10/11 Enterprise with PowerShell 5.1+
|
||||
Reference in New Issue
Block a user