creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
131 Commits 1 Branch 3 Tags
b53f3d49919815fafb02f7283b9b5e3722cc82a2
Commit Graph

131 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Julio César Suástegui b53f3d4991 fix: add error handling for IOError/UnicodeDecodeError + sync ALLOWED_SUBDOMAINS 
- Wrap open() call in try/except for IOError and UnicodeDecodeError
  to report clean errors instead of crashing on encoding issues
- Add all subdomains actually used by existing skills in the repo:
  identity-access-management (33 skills), security-operations (28),
  identity-and-access-management, zero-trust, ot-security, purple-team,
  red-team, ai-security, social-engineering-defense, and others
- Remove identity-security as the canonical form is identity-access-management
 2026-04-03 09:49:04 -06:00
mukul975 c15f73db46 chore: auto-update index.json 2026-04-03 06:56:09 +00:00
mukul975 6325c202c5 chore: auto-update index.json 2026-04-03 06:30:32 +00:00
Mahipal 1cf19ded90 Merge pull request #26 from juliosuas/add-mitre-attack-incident-response 
Add MITRE ATT&CK IDs to incident response skills (fixes #1)
 2026-04-03 02:30:23 -04:00
Mahipal a7f577b482 Add skill: performing-cloud-native-threat-hunting-with-aws-detective 
Add skill: performing-cloud-native-threat-hunting-with-aws-detective
 2026-04-03 02:30:17 -04:00
Mahipal e26a736cf7 ci: add workflow to auto-sync marketplace version on release 2026-03-31 14:46:36 +02:00
Mahipal bb39fa73a9 Update marketplace version to v1.1.0 2026-03-31 14:41:58 +02:00
Mahipal 1cffd664f5 Remove Product Hunt badge from README 
Removed Product Hunt badge from README.
 2026-03-28 17:51:39 +01:00
Mahipal d7f205681a Add Product Hunt badge to README 
Added a Product Hunt badge to promote the project.
 2026-03-28 17:23:50 +01:00
mukul975 7283f02ba9 chore: auto-update index.json 2026-03-28 11:41:02 +00:00
mukul975 476a0880f4 Fix ESET AV false positive on AMSI bypass strings in skill docs 2026-03-28 12:40:53 +01:00
MAGI a072845a3f Fix review comments: correct AWS Detective API usage and forensic ordering 
- Fix FilterCriteria to use singular Severity/Status with Value objects
  instead of invalid plural Severities/Statuses arrays (SKILL.md + process.py)
- Fix get_entity_history: rename to get_investigation_indicators, use
  investigation_id instead of entity_arn for InvestigationId parameter
- Replace invalid inv-* placeholders with 21-digit numeric IDs
- Fix Expected Output to match real API response structure (no embedded
  Indicators; document separate list-indicators call and indicator types)
- Fix CLI --filter-criteria example to use correct format
- Update process.py --severity to accept single value with validation
- Add --max-results validation (1-100 range)
- Add pagination via _collect_all_pages helper for all list API calls
- Reorder Response Actions checklist: evidence preservation before containment
- Reorder Phase 5 workflow: preserve evidence first when safe
 2026-03-28 02:06:16 -06:00
MAGI 41b828e758 fix: add missing process.py implementation for aws-detective skill 
The process.py script was empty (0 bytes). Added a functional
implementation that lists behavior graphs, retrieves investigations,
queries indicators, and exports results — matching the pattern of
other skills in the repository.
 2026-03-28 02:06:16 -06:00
MAGI 2f6701d2d8 Add skill: performing-cloud-native-threat-hunting-with-aws-detective (fixes #6) 2026-03-28 02:06:16 -06:00
mukul975 aff90acbf5 Trigger contributor recalculation 2026-03-28 02:06:16 -06:00
Julio César Suástegui 84b4699e59 fix: remove out-of-scope changes (cloud-waf tags, zero-trust description rewrite) 2026-03-28 02:06:00 -06:00
MAGI c7ad5e7b98 Fix round 3: refine MITRE ATT&CK mappings per CodeRabbit review 
- osquery: replace broad IDs with concrete detections (T1049, T1620, T1053.003, T1548.001, T1552)
- credential extraction: replace T1550 with T1552 (Unsecured Credentials)
- persistence investigation: use sub-techniques (T1547.001, T1053.005, T1543.003, T1546.003)
 2026-03-28 02:06:00 -06:00
MAGI 15d53bd09b Fix MITRE ATT&CK mappings per CodeRabbit review: align techniques to skill content 
- analyzing-malware-persistence-with-autoruns: add persistence techniques T1547, T1053, T1543, T1546
- analyzing-memory-dumps-with-volatility: add memory forensics techniques T1055, T1003, T1059, T1620
- analyzing-persistence-mechanisms-in-linux: add Linux-specific sub-techniques T1053.003, T1543.002, T1574.006, T1546.004
- analyzing-windows-prefetch-with-python: add execution techniques T1059, T1204, T1036
- building-incident-response-dashboard: remove misaligned mitre_attack (dashboard is a visibility tool)
- building-phishing-reporting-button-workflow: add phishing techniques T1566, T1204, T1534
- deobfuscating-powershell-obfuscated-malware: add PowerShell/obfuscation techniques T1059.001, T1027, T1140
 2026-03-28 02:06:00 -06:00
MAGI 100361c3e5 Scope fix: remove mitre_attack from 24 non-incident-response skills, use sub-techniques 
- Removed mitre_attack from digital-forensics, cloud-security, malware-analysis,
  endpoint-security, threat-hunting, ransomware-defense, phishing-defense, and
  security-operations subdomain skills (out of PR scope per issue #1)
- Applied sub-technique IDs where appropriate (T1566.001, T1003.001, etc.)
- Only incident-response and soc-operations skills retain mappings
 2026-03-28 02:06:00 -06:00
MAGI 42258456e8 Fix MITRE ATT&CK mappings per CodeRabbit review 
- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
 2026-03-28 02:05:57 -06:00
MAGI 5e62a7ea2c Add MITRE ATT&CK technique IDs to 60 incident-response skills (fixes #1) 2026-03-28 02:05:53 -06:00
mukul975 0fbcbdf8dd chore: auto-update index.json 2026-03-27 09:24:27 +00:00
Julio César Suástegui 97c213f9a4 Add skill: detecting-lateral-movement-with-zeek (fixes #5) (#29) 2026-03-27 10:24:16 +01:00
mukul975 9314565dd9 docs: update release version from v1.0.0 to v1.1.0 in README 2026-03-23 19:17:24 +01:00
mukul975 c74a7547bb docs: replace static contributors table with contrib.rocks auto-updating widget 2026-03-23 19:16:03 +01:00
mukul975 f4e791c06c docs: remove fake contributor Systech2021-1952 from README 2026-03-23 19:14:33 +01:00
mukul975 577f795252 docs: update skill count to 753 and domain count to 38 across all files 2026-03-21 13:57:15 +01:00
mukul975 ac77250450 docs: use single name Mahipal in CITATION.cff 2026-03-21 13:38:37 +01:00
mukul975 57b684e4d6 docs: add CITATION.cff for academic and tool attribution 2026-03-21 13:37:55 +01:00
mukul975 3856835990 chore: auto-update index.json 2026-03-21 12:23:42 +00:00
mukul975 db3eaaeaf2 fix: add workflow_dispatch and self-trigger to update-index workflow 2026-03-21 13:23:34 +01:00
mukul975 7f60276fd9 fix: add missing import re in update-index workflow, bump version to 1.1.0 2026-03-21 13:21:55 +01:00
mukul975 e2c3836c30 feat: upgrade 5 skills with full content for v1.1.0 
Replaced stub SKILL.md files with complete implementations:
- analyzing-linux-audit-logs-for-intrusion (257 lines, full auditd workflow)
- analyzing-windows-amcache-artifacts (237 lines, AmcacheParser + timeline)
- detecting-oauth-token-theft (266 lines, Azure AD token protection)
- implementing-devsecops-security-scanning (372 lines, full CI/CD pipeline)
- implementing-privileged-session-monitoring (323 lines, PAM session audit)

Also bumps index.json to version 1.1.0.
v1.1.0 		2026-03-21 12:36:58 +01:00
mukul975 d77aaf8b28 Fix index.json: restore description field for skill registration 2026-03-21 11:46:09 +01:00
mukul975 777b3b97a2 Update contact email to mukuljangra5@gmail.com 2026-03-21 11:43:18 +01:00
mukul975 38915dec6d Slim index.json to name+path only, fix plugin domain loading 
- index.json: 463KB -> 84KB (name+path only, single cybersecurity domain)
- update-index.yml: generates compact slim index on every push
- marketplace.json + plugin.json: update skill count 607+ to 753
 2026-03-21 11:39:28 +01:00
mukul975 7bc1b2be1c Remove audit report from repo 2026-03-19 19:47:28 +01:00
mukul975 5cde5a95e6 Add MITRE ATT&CK coverage map: 291 techniques across 14/14 tactics 2026-03-19 19:43:25 +01:00
mukul975 201975ae70 chore: auto-update index.json 2026-03-19 18:14:37 +00:00
mukul975 d833f0eab9 Add 30 new production-grade cybersecurity skills: AI security, supply chain, firmware, cloud-native, compliance, deception, crypto, threat hunting, purple team, OT, privacy 2026-03-19 19:14:25 +01:00
mukul975 d43cc7a766 chore: auto-update index.json 2026-03-19 13:12:59 +00:00
mukul975 a1e9ca5a4a Expand 4 remaining SKILL.md stubs with researched content 2026-03-19 14:12:18 +01:00
mukul975 6dc9e739e3 chore: auto-update index.json 2026-03-19 12:56:47 +00:00
mukul975 5a64fb0416 Fix last 2 issues: expand Datadog SKILL.md, fix XSOAR verify=False 2026-03-19 13:56:37 +01:00
mukul975 0bf1fa2a41 chore: auto-update index.json 2026-03-19 12:56:06 +00:00
mukul975 051e7e72ed Expand 38 agent.py stubs, standardize 347 SKILL.md sections, fix 4 verify=False 2026-03-19 13:55:55 +01:00
mukul975 79287253fb chore: auto-update index.json 2026-03-19 12:44:47 +00:00
mukul975 7e2e6ad664 Expand boilerplate agent.py stubs with real implementations (batch 2) 2026-03-19 13:44:38 +01:00
mukul975 3803da65d5 chore: auto-update index.json 2026-03-19 12:42:21 +00:00
mukul975 682d416c6e Remove backed-up duplicate skills to fix validation pipeline 2026-03-19 13:41:56 +01:00