claude[bot]
fbc47b7ac2
fix: replace word-split tags with domain-specific cybersecurity tags
Three SKILL.md files had tags that were simply words split from the
skill name (e.g., "analyzing", "block", "with", "logs") rather than
meaningful discovery keywords. Replace with domain-specific terms that
agents and search tools can actually use for routing.
- analyzing-powershell-script-block-logging: [powershell, script-block-logging, event-id-4104, obfuscation-detection, windows-forensics, endpoint-security]
- analyzing-azure-activity-logs-for-threats: [azure, cloud-security, azure-monitor, kql, threat-hunting, activity-logs]
- analyzing-memory-forensics-with-lime-and-volatility: [memory-forensics, linux-forensics, lime, volatility, incident-response, kernel-modules]
Co-Authored-By: Claude Code <noreply@anthropic.com>
2026-04-21 00:35:35 +00:00
Mahipal
888bbe4c6e
Delete star.yml
2026-04-18 02:09:43 +02:00
Mahipal
c60cb4aa7b
Update star.yml
2026-04-15 22:43:16 +02:00
Mahipal
d5f3fa3248
Update star.yml
2026-04-15 22:37:28 +02:00
Mahipal
91a087aacc
Update star.yml
2026-04-15 22:35:07 +02:00
Mahipal
780757902b
Create star.yml
2026-04-15 19:15:45 +02:00
Mahipal
9e8a8cda80
Add Hermes Agent badge to README
2026-04-15 00:51:53 +02:00
Mahipal
efbbbba5e2
Add Casky.ai Playground section to README
Added a section for the Casky.ai Playground with details on its features and usage.
2026-04-11 15:04:51 +02:00
Mahipal
c715f0b36e
Revise README for improved clarity and structure
Updated README to enhance project visibility and clarify project scope.
2026-04-11 00:46:21 +02:00
mukul975
4ae0be7f48
chore: bump marketplace version to v1.2.0
2026-04-06 12:26:39 +02:00
mukul975
dcc2dc32fd
fix: jq command line continuation in sync-marketplace workflow
2026-04-06 12:25:16 +02:00
mukul975
c0ab6cfccb
docs: update README for v1.2.0 — 5-framework coverage, 754 skills
v1.2.0
2026-04-06 12:06:22 +02:00
mukul975
b4231b19e7
chore: auto-update index.json
2026-04-06 09:17:52 +00:00
mukul975
efca3ec611
feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.
All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00
mukul975
e8105a2f4d
chore: auto-update index.json
2026-04-05 23:56:33 +00:00
mukul975
ef27f026cb
feat: enrich 209 skills with MITRE ATLAS, D3FEND, and NIST AI RMF frontmatter
Added structured security framework mappings to SKILL.md frontmatter across all applicable skills:
- atlas_techniques: MITRE ATLAS v5.5 AML.TXXXX IDs (81 skills, AI-targeted attack techniques)
- d3fend_techniques: MITRE D3FEND v1.3 defensive technique labels (139 skills, mapped from ATT&CK IDs)
- nist_ai_rmf: NIST AI RMF 1.0 subcategory IDs (85 skills, AI risk management functions)
Also updates ATTACK_COVERAGE.md with coverage statistics for all three frameworks.
2026-04-06 01:56:17 +02:00
mukul975
c15f73db46
chore: auto-update index.json
2026-04-03 06:56:09 +00:00
mukul975
6325c202c5
chore: auto-update index.json
2026-04-03 06:30:32 +00:00
Mahipal
1cf19ded90
Merge pull request #26 from juliosuas/add-mitre-attack-incident-response
Add MITRE ATT&CK IDs to incident response skills (fixes #1)
2026-04-03 02:30:23 -04:00
Mahipal
a7f577b482
Add skill: performing-cloud-native-threat-hunting-with-aws-detective
Add skill: performing-cloud-native-threat-hunting-with-aws-detective
2026-04-03 02:30:17 -04:00
Mahipal
e26a736cf7
ci: add workflow to auto-sync marketplace version on release
2026-03-31 14:46:36 +02:00
Mahipal
bb39fa73a9
Update marketplace version to v1.1.0
2026-03-31 14:41:58 +02:00
Mahipal
1cffd664f5
Remove Product Hunt badge from README
Removed Product Hunt badge from README.
2026-03-28 17:51:39 +01:00
Mahipal
d7f205681a
Add Product Hunt badge to README
Added a Product Hunt badge to promote the project.
2026-03-28 17:23:50 +01:00
mukul975
7283f02ba9
chore: auto-update index.json
2026-03-28 11:41:02 +00:00
mukul975
476a0880f4
Fix ESET AV false positive on AMSI bypass strings in skill docs
2026-03-28 12:40:53 +01:00
MAGI
a072845a3f
Fix review comments: correct AWS Detective API usage and forensic ordering
- Fix FilterCriteria to use singular Severity/Status with Value objects
instead of invalid plural Severities/Statuses arrays (SKILL.md + process.py)
- Fix get_entity_history: rename to get_investigation_indicators, use
investigation_id instead of entity_arn for InvestigationId parameter
- Replace invalid inv-* placeholders with 21-digit numeric IDs
- Fix Expected Output to match real API response structure (no embedded
Indicators; document separate list-indicators call and indicator types)
- Fix CLI --filter-criteria example to use correct format
- Update process.py --severity to accept single value with validation
- Add --max-results validation (1-100 range)
- Add pagination via _collect_all_pages helper for all list API calls
- Reorder Response Actions checklist: evidence preservation before containment
- Reorder Phase 5 workflow: preserve evidence first when safe
2026-03-28 02:06:16 -06:00
MAGI
41b828e758
fix: add missing process.py implementation for aws-detective skill
The process.py script was empty (0 bytes). Added a functional
implementation that lists behavior graphs, retrieves investigations,
queries indicators, and exports results — matching the pattern of
other skills in the repository.
2026-03-28 02:06:16 -06:00
MAGI
2f6701d2d8
Add skill: performing-cloud-native-threat-hunting-with-aws-detective (fixes #6)
2026-03-28 02:06:16 -06:00
mukul975
aff90acbf5
Trigger contributor recalculation
2026-03-28 02:06:16 -06:00
Julio César Suástegui
84b4699e59
fix: remove out-of-scope changes (cloud-waf tags, zero-trust description rewrite)
2026-03-28 02:06:00 -06:00
MAGI
c7ad5e7b98
Fix round 3: refine MITRE ATT&CK mappings per CodeRabbit review
- osquery: replace broad IDs with concrete detections (T1049, T1620, T1053.003, T1548.001, T1552)
- credential extraction: replace T1550 with T1552 (Unsecured Credentials)
- persistence investigation: use sub-techniques (T1547.001, T1053.005, T1543.003, T1546.003)
2026-03-28 02:06:00 -06:00
MAGI
15d53bd09b
Fix MITRE ATT&CK mappings per CodeRabbit review: align techniques to skill content
- analyzing-malware-persistence-with-autoruns: add persistence techniques T1547, T1053, T1543, T1546
- analyzing-memory-dumps-with-volatility: add memory forensics techniques T1055, T1003, T1059, T1620
- analyzing-persistence-mechanisms-in-linux: add Linux-specific sub-techniques T1053.003, T1543.002, T1574.006, T1546.004
- analyzing-windows-prefetch-with-python: add execution techniques T1059, T1204, T1036
- building-incident-response-dashboard: remove misaligned mitre_attack (dashboard is a visibility tool)
- building-phishing-reporting-button-workflow: add phishing techniques T1566, T1204, T1534
- deobfuscating-powershell-obfuscated-malware: add PowerShell/obfuscation techniques T1059.001, T1027, T1140
2026-03-28 02:06:00 -06:00
MAGI
100361c3e5
Scope fix: remove mitre_attack from 24 non-incident-response skills, use sub-techniques
- Removed mitre_attack from digital-forensics, cloud-security, malware-analysis,
endpoint-security, threat-hunting, ransomware-defense, phishing-defense, and
security-operations subdomain skills (out of PR scope per issue #1)
- Applied sub-technique IDs where appropriate (T1566.001, T1003.001, etc.)
- Only incident-response and soc-operations skills retain mappings
2026-03-28 02:06:00 -06:00
MAGI
42258456e8
Fix MITRE ATT&CK mappings per CodeRabbit review
- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
2026-03-28 02:05:57 -06:00
MAGI
5e62a7ea2c
Add MITRE ATT&CK technique IDs to 60 incident-response skills (fixes #1)
2026-03-28 02:05:53 -06:00
mukul975
0fbcbdf8dd
chore: auto-update index.json
2026-03-27 09:24:27 +00:00
Julio César Suástegui
97c213f9a4
Add skill: detecting-lateral-movement-with-zeek (fixes #5) (#29)
2026-03-27 10:24:16 +01:00
mukul975
9314565dd9
docs: update release version from v1.0.0 to v1.1.0 in README
2026-03-23 19:17:24 +01:00
mukul975
c74a7547bb
docs: replace static contributors table with contrib.rocks auto-updating widget
2026-03-23 19:16:03 +01:00
mukul975
f4e791c06c
docs: remove fake contributor Systech2021-1952 from README
2026-03-23 19:14:33 +01:00
mukul975
577f795252
docs: update skill count to 753 and domain count to 38 across all files
2026-03-21 13:57:15 +01:00
mukul975
ac77250450
docs: use single name Mahipal in CITATION.cff
2026-03-21 13:38:37 +01:00
mukul975
57b684e4d6
docs: add CITATION.cff for academic and tool attribution
2026-03-21 13:37:55 +01:00
mukul975
3856835990
chore: auto-update index.json
2026-03-21 12:23:42 +00:00
mukul975
db3eaaeaf2
fix: add workflow_dispatch and self-trigger to update-index workflow
2026-03-21 13:23:34 +01:00
mukul975
7f60276fd9
fix: add missing import re in update-index workflow, bump version to 1.1.0
2026-03-21 13:21:55 +01:00
mukul975
e2c3836c30
feat: upgrade 5 skills with full content for v1.1.0
Replaced stub SKILL.md files with complete implementations:
- analyzing-linux-audit-logs-for-intrusion (257 lines, full auditd workflow)
- analyzing-windows-amcache-artifacts (237 lines, AmcacheParser + timeline)
- detecting-oauth-token-theft (266 lines, Azure AD token protection)
- implementing-devsecops-security-scanning (372 lines, full CI/CD pipeline)
- implementing-privileged-session-monitoring (323 lines, PAM session audit)
Also bumps index.json to version 1.1.0.
v1.1.0
2026-03-21 12:36:58 +01:00
mukul975
d77aaf8b28
Fix index.json: restore description field for skill registration
2026-03-21 11:46:09 +01:00
mukul975
777b3b97a2
Update contact email to mukuljangra5@gmail.com
2026-03-21 11:43:18 +01:00