creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 06:54:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Browse Source 
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/detecting-serverless-function-injection/SKILL.md
+21 -10
View File
@@ -1,20 +1,31 @@
---
name: detecting-serverless-function-injection
description: >
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions,
Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command
execution, and IAM privilege escalation via function modification. The analyst combines static analysis
of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing
to identify injection vectors across the expanded serverless attack surface including API Gateway,
S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda
security assessment, serverless injection detection, function event poisoning analysis, or serverless
privilege escalation investigation.
description: 'Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google
Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege
escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation,
runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack
surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving
Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation
investigation.
'
domain: cybersecurity
subdomain: cloud-security
tags: [serverless-security, Lambda-injection, event-source-poisoning, OWASP-serverless, IAM-escalation, CloudTrail]
tags:
- serverless-security
- Lambda-injection
- event-source-poisoning
- OWASP-serverless
- IAM-escalation
- CloudTrail
version: 1.0.0
author: mukul975
license: Apache-2.0
nist_csf:
- PR.IR-01
- ID.AM-08
- GV.SC-06
- DE.CM-01
---
# Detecting Serverless Function Injection