feat: enrich 209 skills with MITRE ATLAS, D3FEND, and NIST AI RMF frontmatter

Added structured security framework mappings to SKILL.md frontmatter across all applicable skills:
- atlas_techniques: MITRE ATLAS v5.5 AML.TXXXX IDs (81 skills, AI-targeted attack techniques)
- d3fend_techniques: MITRE D3FEND v1.3 defensive technique labels (139 skills, mapped from ATT&CK IDs)
- nist_ai_rmf: NIST AI RMF 1.0 subcategory IDs (85 skills, AI risk management functions)

Also updates ATTACK_COVERAGE.md with coverage statistics for all three frameworks.
This commit is contained in:
mukul975
2026-04-06 01:55:37 +02:00
parent c15f73db46
commit ef27f026cb
209 changed files with 3959 additions and 3379 deletions
@@ -1,12 +1,26 @@
---
name: detecting-suspicious-powershell-execution
description: Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.
description: Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
and constrained language mode evasion.
domain: cybersecurity
subdomain: threat-hunting
tags: [threat-hunting, mitre-attack, powershell, execution, t1059, amsi, proactive-detection]
version: "1.0"
tags:
- threat-hunting
- mitre-attack
- powershell
- execution
- t1059
- amsi
- proactive-detection
version: '1.0'
author: mahipal
license: Apache-2.0
d3fend_techniques:
- Executable Denylisting
- Execution Isolation
- File Metadata Consistency Validation
- Content Format Conversion
- File Content Analysis
---
# Detecting Suspicious Powershell Execution