Julio César Suástegui
84b4699e59
fix: remove out-of-scope changes (cloud-waf tags, zero-trust description rewrite)
2026-03-28 02:06:00 -06:00
MAGI
c7ad5e7b98
Fix round 3: refine MITRE ATT&CK mappings per CodeRabbit review
- osquery: replace broad IDs with concrete detections (T1049, T1620, T1053.003, T1548.001, T1552)
- credential extraction: replace T1550 with T1552 (Unsecured Credentials)
- persistence investigation: use sub-techniques (T1547.001, T1053.005, T1543.003, T1546.003)
2026-03-28 02:06:00 -06:00
MAGI
15d53bd09b
Fix MITRE ATT&CK mappings per CodeRabbit review: align techniques to skill content
- analyzing-malware-persistence-with-autoruns: add persistence techniques T1547, T1053, T1543, T1546
- analyzing-memory-dumps-with-volatility: add memory forensics techniques T1055, T1003, T1059, T1620
- analyzing-persistence-mechanisms-in-linux: add Linux-specific sub-techniques T1053.003, T1543.002, T1574.006, T1546.004
- analyzing-windows-prefetch-with-python: add execution techniques T1059, T1204, T1036
- building-incident-response-dashboard: remove misaligned mitre_attack (dashboard is a visibility tool)
- building-phishing-reporting-button-workflow: add phishing techniques T1566, T1204, T1534
- deobfuscating-powershell-obfuscated-malware: add PowerShell/obfuscation techniques T1059.001, T1027, T1140
2026-03-28 02:06:00 -06:00
MAGI
100361c3e5
Scope fix: remove mitre_attack from 24 non-incident-response skills, use sub-techniques
- Removed mitre_attack from digital-forensics, cloud-security, malware-analysis,
endpoint-security, threat-hunting, ransomware-defense, phishing-defense, and
security-operations subdomain skills (out of PR scope per issue #1)
- Applied sub-technique IDs where appropriate (T1566.001, T1003.001, etc.)
- Only incident-response and soc-operations skills retain mappings
2026-03-28 02:06:00 -06:00
MAGI
42258456e8
Fix MITRE ATT&CK mappings per CodeRabbit review
- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
2026-03-28 02:05:57 -06:00
MAGI
5e62a7ea2c
Add MITRE ATT&CK technique IDs to 60 incident-response skills (fixes #1)
2026-03-28 02:05:53 -06:00
Julio César Suástegui
97c213f9a4
Add skill: detecting-lateral-movement-with-zeek (fixes #5) (#29)
2026-03-27 10:24:16 +01:00
mukul975
e2c3836c30
feat: upgrade 5 skills with full content for v1.1.0
Replaced stub SKILL.md files with complete implementations:
- analyzing-linux-audit-logs-for-intrusion (257 lines, full auditd workflow)
- analyzing-windows-amcache-artifacts (237 lines, AmcacheParser + timeline)
- detecting-oauth-token-theft (266 lines, Azure AD token protection)
- implementing-devsecops-security-scanning (372 lines, full CI/CD pipeline)
- implementing-privileged-session-monitoring (323 lines, PAM session audit)
Also bumps index.json to version 1.1.0.
2026-03-21 12:36:58 +01:00
mukul975
d833f0eab9
Add 30 new production-grade cybersecurity skills: AI security, supply chain, firmware, cloud-native, compliance, deception, crypto, threat hunting, purple team, OT, privacy
2026-03-19 19:14:25 +01:00
mukul975
a1e9ca5a4a
Expand 4 remaining SKILL.md stubs with researched content
2026-03-19 14:12:18 +01:00
mukul975
5a64fb0416
Fix last 2 issues: expand Datadog SKILL.md, fix XSOAR verify=False
2026-03-19 13:56:37 +01:00
mukul975
051e7e72ed
Expand 38 agent.py stubs, standardize 347 SKILL.md sections, fix 4 verify=False
2026-03-19 13:55:55 +01:00
mukul975
7e2e6ad664
Expand boilerplate agent.py stubs with real implementations (batch 2)
2026-03-19 13:44:38 +01:00
mukul975
682d416c6e
Remove backed-up duplicate skills to fix validation pipeline
2026-03-19 13:41:56 +01:00
mukul975
3492302a13
Fix frontmatter descriptions, duplicate YAML blocks, title headings across 60 files
2026-03-19 13:39:41 +01:00
mukul975
d005ae764b
Expand 39 api-reference stubs with real tool docs, expand 15 agent.py boilerplate stubs
2026-03-19 13:29:50 +01:00
mukul975
c47eed6a64
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00
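The hardening patterns named in the commit above (list-based subprocess calls instead of shell=True, verify=False replaced by an environment-variable override, timeouts on every external call, whitelist validation for SQL), shown side by side with the weak form each replaces. This is an added example written for this page, not code from the repository; the env var names SKILL_TLS_INSECURE, SKILL_CA_BUNDLE and SKILL_HTTP_TIMEOUT, the hosts table and its rows are assumptions made for illustration.

```python
"""Added example (not the repository's own code): the four hardening patterns from
the commit message, each against an offline fixture.  Env var names SKILL_* and the
hosts table are assumptions for illustration."""
from __future__ import annotations

import os
import re
import sqlite3
import subprocess

HOSTNAME_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")


def validate_target(target: str) -> bool:
    """True only for a plain hostname/IP; shell metacharacters and spaces fail."""
    return HOSTNAME_RE.fullmatch(target) is not None


def build_ping_argv(target: str) -> list[str]:
    """Replace `subprocess.run(f"ping -c 1 {target}", shell=True)` with an argv list.

    Without a shell, "8.8.8.8; id" would reach ping as one literal argument and could
    not spawn a second command; the validator rejects it anyway so the failure is
    explicit instead of a confusing ping error.
    """
    if not validate_target(target):
        raise ValueError(f"refusing target with invalid/shell characters: {target!r}")
    return ["ping", "-c", "1", target]


def run_argv(argv: list[str], timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Every subprocess call carries a timeout so a hung tool cannot wedge the agent."""
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)


def http_kwargs(env: dict | None = None) -> dict:
    """Keyword arguments for a `requests` call: verified TLS and a timeout by default.

    Replaces a hard-coded `verify=False`.  An operator talking to a lab appliance with
    a self-signed certificate points SKILL_CA_BUNDLE at the appliance CA (preferred)
    or sets SKILL_TLS_INSECURE=1 as an explicit, auditable opt-out.  The timeout is a
    (connect, read) pair so a stalled server cannot block the skill forever.
    """
    env = os.environ if env is None else env
    insecure = env.get("SKILL_TLS_INSECURE", "").strip().lower() in ("1", "true", "yes")
    verify: bool | str = False if insecure else (env.get("SKILL_CA_BUNDLE") or True)
    read_timeout = float(env.get("SKILL_HTTP_TIMEOUT", "30"))
    return {"verify": verify, "timeout": (5.0, read_timeout)}


ALLOWED_COLUMNS = frozenset({"hostname", "ip", "last_seen"})


def build_host_query(column: str, value: str) -> tuple[str, tuple[str]]:
    """Replace `f"SELECT * FROM hosts WHERE {column} = '{value}'"`.

    Identifiers cannot be bound as parameters, so the column name is checked against
    a whitelist; the value is bound with a placeholder and never interpolated.
    """
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not in whitelist: {column!r}")
    return f"SELECT hostname, ip FROM hosts WHERE {column} = ?", (value,)


def lookup_hosts(column: str, value: str) -> list[tuple[str, str]]:
    """Run the whitelisted query against a constructed in-memory hosts table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE hosts (hostname TEXT, ip TEXT, last_seen TEXT)")
    con.executemany(
        "INSERT INTO hosts VALUES (?, ?, ?)",
        [("dc01", "10.0.0.5", "2026-03-19"), ("ws-42", "10.0.1.42", "2026-03-18")],
    )
    sql, params = build_host_query(column, value)
    return con.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(build_ping_argv("10.0.0.5"))
    print(http_kwargs({"SKILL_CA_BUNDLE": "/etc/ssl/lab-ca.pem"}))
    print(lookup_hosts("hostname", "dc01"))
    print(lookup_hosts("hostname", "' OR 1=1 --"))  # bound as a value: matches nothing
```

The injection probe in the last line returns an empty list because the quote and comment characters are data inside a bound parameter, not SQL; the column-name whitelist closes the one gap placeholders cannot cover.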
juliosuas
2967d69d48
Translate top skills to Spanish
Adds Spanish translations for 7 cybersecurity skills.
2026-03-19 10:06:13 +01:00
juliosuas
cfa57cf8bf
Add working example output to digital-forensics skills
Adds realistic example output sections to 10 digital forensics skills.
2026-03-19 10:05:56 +01:00
juliosuas
34e0cf6e2d
Fix NIST CSF 2.0 category counts in table: ID=3, RC=2
The summary table had incorrect category counts for Identify (4 → 3)
and Recover (1 → 2), inconsistent with the frontmatter mapping and
official NIST CSF 2.0 specification (GV:6 + ID:3 + PR:5 + DE:2 +
RS:4 + RC:2 = 22 categories).
2026-03-19 10:02:23 +01:00
juliosuas
16201a7e60
Address CodeRabbit review: legal guardrails, mkdir, filename consistency, HIBP headers
2026-03-19 10:02:22 +01:00
juliosuas
788404ca75
Add skill: performing-ai-driven-osint-correlation
2026-03-19 10:02:22 +01:00
juliosuas
ebffa4fb4f
Fix NIST CSF 2.0: correct official 22 categories (add RS.MI, RC.CO; remove ID.AA)
2026-03-17 22:11:05 -06:00
juliosuas
ba9146a2cd
Fix NIST CSF category count: include all 22 categories
2026-03-17 17:17:02 -06:00
juliosuas
03da94c256
Add NIST CSF 2.0 categories to compliance-governance skills (fixes #2)
2026-03-17 10:28:43 -06:00
mukul975
4ed6f49151
chore: fix license, add disclaimer, quick start, GitHub topics, issue templates
2026-03-11 01:42:50 +01:00
mukul975
b29b23470a
feat: add 5 new cybersecurity skills - secrets scanning CI/CD, Bluetooth assessment, DNS exfil Zeek, SOAR phishing, AD ACL abuse
2026-03-11 01:21:45 +01:00
mukul975
794489277c
fix: correct license from Apache-2.0 to MIT for batch 2 skills
2026-03-11 00:52:29 +01:00
mukul975
aba13ca5af
feat: add 5 new cybersecurity skills - Azure storage audit, supply chain simulation, Azure PIM, Empire artifacts, NTLM relay
2026-03-11 00:51:19 +01:00
mukul975
c0c5bbaac1
Add 5 new cybersecurity skills: golden ticket detection, traffic baselining, sandbox evasion analysis, domain fronting hunting, SpiderFoot OSINT
2026-03-11 00:49:24 +01:00
mukul975
ff3a9ce224
feat: add 4 new cybersecurity skills - UEBA insider threat, BeyondCorp zero trust, Linux kernel rootkits, CobaltStrike beacon hunting
2026-03-11 00:48:56 +01:00
mukul975
42cd69598e
Add 5 new cybersecurity skills batch 2 - oauth token theft, binary exploitation, STIX2 sharing, linux audit logs, timestomping detection
2026-03-11 00:48:13 +01:00
mukul975
4d6d585285
Add 10 new cybersecurity skills with full folder anatomy
Skills added:
- implementing-privileged-access-workstation (IAM, PAW hardening)
- detecting-suspicious-oauth-application-consent (cloud security, Graph API)
- performing-hardware-security-module-integration (cryptography, PKCS#11)
- analyzing-android-malware-with-apktool (malware analysis, androguard)
- hunting-for-unusual-service-installations (threat hunting, T1543.003)
- detecting-shadow-it-cloud-usage (cloud security, proxy/DNS log analysis)
- performing-active-directory-forest-trust-attack (red team, impacket)
- implementing-deception-based-detection-with-canarytoken (deception, Canary API)
- analyzing-office365-audit-logs-for-compromise (cloud security, BEC detection)
- hunting-for-startup-folder-persistence (threat hunting, T1547.001)
Each skill includes SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:47:03 +01:00
mukul975
014c387ff3
feat: add 5 cybersecurity skills - CloudTrail anomalies, SSL/TLS assessment, Wazuh detection, Prefetch analysis, WMI lateral movement
2026-03-11 00:44:42 +01:00
mukul975
7308b56252
feat: add 5 new cybersecurity skills - WMI persistence, CloudTrail forensics, honeypots, PDF malware, DCSync detection
2026-03-11 00:42:59 +01:00
mukul975
aea97ff9ff
Add 5 new cybersecurity skills: AFL++ fuzzing, Sysmon scheduled task detection, ModSecurity WAF logging, MITRE Navigator TTP analysis, PowerShell script block hunting
2026-03-11 00:41:59 +01:00
mukul975
546f1ae6ef
Add 5 new cybersecurity skills: greenbone vuln mgmt, email compromise detection, MISP sharing, CobaltStrike C2 analysis, registry run key hunting
2026-03-11 00:41:59 +01:00
mukul975
757f1c8eae
Add 5 new cybersecurity skills with full implementations
- implementing-vulnerability-management-with-greenbone: python-gvm GMP API, scan task creation, XML report parsing
- detecting-email-account-compromise: Microsoft Graph inbox rules, impossible travel detection, OAuth grant analysis
- performing-threat-intelligence-sharing-with-misp: PyMISP event creation, attribute management, sharing validation
- analyzing-cobaltstrike-malleable-c2-profiles: dissect.cobaltstrike C2Profile parsing, Suricata rule generation
- hunting-for-registry-run-key-persistence: Sysmon Event 13 analysis, T1547.001 detection, Sigma rule generation
2026-03-11 00:41:59 +01:00
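The hunting-for-registry-run-key-persistence skill in the commit above is described as Sysmon Event 13 analysis with T1547.001 detection and Sigma rule generation. The following is an added example for this page, not the skill's own agent.py: it walks JSON-lines Sysmon records, keeps Event ID 13 (RegistryEvent, value set) writes under Run/RunOnce/RunOnceEx/RunServices keys, suppresses a known-good baseline, scores the value data for script hosts, user-writable paths and encoded commands, and emits a Sigma rule per finding. Field names follow the Sysmon schema; the sample events and the baseline are constructed.

```python
"""Added example, not the repository's own code: T1547.001 Run-key hunting over
Sysmon Event ID 13 records.  Field names (EventID, TargetObject, Details, Image,
User, UtcTime) follow the Sysmon schema; events and baseline are constructed."""
from __future__ import annotations

import json
import re
from typing import Iterable

# Autostart value set under ...\Windows\CurrentVersion\Run, RunOnce, RunOnceEx or
# RunServices (HKLM or HKU, native or Wow6432Node view); the trailing segment is
# the value name.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once|OnceEx|Services)?\\[^\\]+$", re.IGNORECASE)

# Indicators in the value data that raise severity: script hosts, LOLBins,
# user-writable directories, encoded PowerShell.
SUSPICIOUS_RE = re.compile(
    r"(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd\.exe"
    r"|\\AppData\\|\\Temp\\|\\Users\\Public\\|-enc\b|-e\b)",
    re.IGNORECASE,
)

# Constructed baseline of expected autoruns: (value name, value data), lower-cased.
BASELINE = {
    ("onedrive", '"c:\\program files\\microsoft onedrive\\onedrive.exe" /background'),
}


def hunt_run_keys(jsonl: Iterable[str], baseline=BASELINE) -> list[dict]:
    """One finding per Event 13 that sets a value under a Run-style key."""
    findings = []
    for line in jsonl:
        ev = json.loads(line)
        if int(ev.get("EventID", 0)) != 13:
            continue  # 12 = key create/delete, 14 = rename: not value writes
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        value_name = target.rsplit("\\", 1)[-1]
        details = ev.get("Details", "")
        if (value_name.lower(), details.lower()) in baseline:
            continue  # known-good autorun
        reasons = sorted({m.lower() for m in SUSPICIOUS_RE.findall(details)})
        findings.append({
            "time": ev.get("UtcTime"), "user": ev.get("User"), "writer": ev.get("Image"),
            "key": target, "value_name": value_name, "command": details,
            "technique": "T1547.001",
            "severity": "high" if reasons else "medium", "reasons": reasons,
        })
    return findings


def to_sigma(finding: dict) -> dict:
    """Sigma rule for a confirmed finding (a dict; serialise with yaml.safe_dump)."""
    key_suffix = RUN_KEY_RE.search(finding["key"]).group(0)
    return {
        "title": f"Run key persistence: {finding['value_name']}",
        "status": "experimental",
        "logsource": {"product": "windows", "category": "registry_set"},
        "detection": {
            "selection": {"TargetObject|endswith": key_suffix,
                          "Details|contains": finding["command"]},
            "condition": "selection",
        },
        "level": finding["severity"],
        "tags": ["attack.persistence", "attack.t1547.001"],
    }


SAMPLE_EVENTS = [  # constructed Sysmon records as a SIEM export might carry them
    {"EventID": 13, "UtcTime": "2026-03-11 00:41:01.120", "User": "CORP\\bob",
     "Image": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"},
    {"EventID": 13, "UtcTime": "2026-03-11 00:42:17.544", "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 13, "UtcTime": "2026-03-11 00:43:05.010", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\svc",
     "Details": "C:\\Users\\Public\\svc.exe"},
    {"EventID": 13, "UtcTime": "2026-03-11 00:43:30.900", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\services.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\Spooler\\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 12, "UtcTime": "2026-03-11 00:44:00.000", "User": "CORP\\bob",
     "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "Details": ""},
]
SAMPLE_JSONL = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for f in hunt_run_keys(SAMPLE_JSONL):
        print(f["severity"], f["value_name"], f["reasons"])
        print(json.dumps(to_sigma(f), indent=2))
```

Of the five constructed events only the encoded-PowerShell Updater value and the RunOnce entry pointing at C:\Users\Public surface; the OneDrive write is suppressed by the baseline, the service Start change is not a Run key, and the Event 12 key creation carries no value data to inspect.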
mukul975
cd8a26b606
feat: add 5 new cybersecurity skills - yara hunting, devsecops scanning, amcache, LOtL, privileged session monitoring
2026-03-11 00:40:06 +01:00
mukul975
74f8c11642
feat: add 5 new cybersecurity skills - RDP brute force, Covenant C2, Calico network policies, heap spray analysis, T1098 hunting
2026-03-11 00:37:15 +01:00
mukul975
90d93af814
Fix SKILL.md frontmatter: add missing domain/subdomain/tags/version/author/license fields, fix name=None entries — all 649 skills now pass CI validation
2026-03-11 00:26:05 +01:00
mukul975
c21af3347e
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00
mukul975
27c6414ca5
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00
mukul975
22a7ab1462
Initial commit - 611 cybersecurity skills across all subdomains
2026-02-25 10:47:44 +01:00