mukul975 4d6d585285 Add 10 new cybersecurity skills with full folder anatomy
Skills added:
- implementing-privileged-access-workstation (IAM, PAW hardening)
- detecting-suspicious-oauth-application-consent (cloud security, Graph API)
- performing-hardware-security-module-integration (cryptography, PKCS#11)
- analyzing-android-malware-with-apktool (malware analysis, androguard)
- hunting-for-unusual-service-installations (threat hunting, T1543.003)
- detecting-shadow-it-cloud-usage (cloud security, proxy/DNS log analysis)
- performing-active-directory-forest-trust-attack (red team, impacket)
- implementing-deception-based-detection-with-canarytoken (deception, Canary API)
- analyzing-office365-audit-logs-for-compromise (cloud security, BEC detection)
- hunting-for-startup-folder-persistence (threat hunting, T1547.001)

Each skill includes SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:47:03 +01:00


API Reference — Implementing Privileged Access Workstation

Libraries Used

  • subprocess: Execute PowerShell cmdlets for device hardening, group membership, software inventory
  • json: Parse PowerShell ConvertTo-Json output

CLI Interface

python agent.py harden
python agent.py admins
python agent.py software
python agent.py network
python agent.py full

Core Functions

check_device_hardening() — Audit 7 PAW hardening controls

Checks Credential Guard, VBS status, Secure Boot, BitLocker, AppLocker, Windows Firewall profiles and the UAC level (registry). Confirm-SecureBootUEFI and Get-BitLockerVolume need an elevated session, and Win32_DeviceGuard lives in the root\Microsoft\Windows\DeviceGuard namespace, so run the agent from an elevated PowerShell and query that namespace explicitly; otherwise the cmdlets error out instead of returning a failing value.

check_local_admin_group() — JIT access audit

Enumerates the local Administrators group via Get-LocalGroupMember and flags members that are not on the list of known admin accounts. Get-LocalGroupMember does not expand nested groups: a domain group shows up as a single member, so its own membership has to be audited in AD. Compare names case-insensitively, as Windows does.

check_installed_software() — Software allowlist enforcement

Queries installed software from the registry Uninstall keys and matches display names against a blocklist: browsers (Chrome, Firefox) and personal apps (Spotify, Steam, Slack, Zoom, Dropbox). Several of these can install per-user under HKCU rather than HKLM, so the query must cover HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the HKLM WOW6432Node key as well as the 64-bit HKLM key, or a user-installed browser is missed.

check_network_restrictions() — Network isolation verification

Counts outbound firewall block rules and tests general internet connectivity. A Tier 0 PAW should have no general internet access: only the management endpoints (domain controllers, the management jump host, update sources) are reachable. Counting block rules is a weak proxy, because a profile whose default outbound action is Allow still reaches the internet however many block rules exist; the property that matters is DefaultOutboundAction = Block on every Get-NetFirewallProfile profile, with explicit allow rules for the management endpoints.

full_paw_audit() — Comprehensive compliance report

PAW Hardening Checks

Check             PowerShell Source        Pass Criteria
Credential Guard  Win32_DeviceGuard        SecurityServicesRunning contains 1 (Credential Guard); a bare count > 0 also passes a host running only HVCI (2)
VBS               Win32_DeviceGuard        VirtualizationBasedSecurityStatus = 2 (running; 1 means enabled but not running)
Secure Boot       Confirm-SecureBootUEFI   Returns True
BitLocker         Get-BitLockerVolume      ProtectionStatus = On for the OS volume
AppLocker         Get-AppLockerPolicy      RuleCollection count > 0 and EnforcementMode = Enabled (AuditOnly logs but does not block)
Firewall          Get-NetFirewallProfile   Enabled = True for Domain, Private and Public
UAC               Registry query           ConsentPromptBehaviorAdmin >= 2 and EnableLUA = 1

Notes on the UAC row: the values live under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. 0 (elevate without prompting) must always fail. 1 (prompt for credentials on the secure desktop) is stricter than 2 and should not be reported as a failure; 3 to 5 prompt on the normal desktop unless PromptOnSecureDesktop = 1. If EnableLUA = 0, UAC is off and the prompt value is meaningless. For AppLocker, use Get-AppLockerPolicy -Effective so rules delivered by GPO are included, and remember the Application Identity service (AppIDSvc) must be running for any collection to be enforced.
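As an added worked example (not the repository's scripts/agent.py), here are the pass criteria from the table applied in Python to constructed ConvertTo-Json output. The JSON shapes and the host state are assumptions of this example, not captured data. It shows two things the table alone does not: SecurityServicesRunning is an array whose Credential Guard value is 1, so a membership test rather than a count is needed, and AppLocker rules that exist only in AuditOnly mode do not satisfy the control. The UAC check also verifies EnableLUA and the secure desktop, which is stricter than the bare ">= 2" criterion.

```python
import json
from typing import Any

# Constructed sample output (nothing here was captured from a real host). Each
# string stands for what the named PowerShell pipeline is assumed to emit after
# `| ConvertTo-Json`; property names follow the cmdlets, the JSON shapes are
# assumptions of this example. The host is deliberately only partly hardened.
SAMPLE_OUTPUT = {
    # Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    "deviceguard": json.dumps({
        "VirtualizationBasedSecurityStatus": 2,   # 0 = off, 1 = enabled, 2 = running
        "SecurityServicesConfigured": [1, 2],
        "SecurityServicesRunning": [2],           # 1 = Credential Guard, 2 = HVCI
    }),
    # Confirm-SecureBootUEFI   (a bare boolean; the cmdlet throws on legacy BIOS)
    "secureboot": "true",
    # Get-BitLockerVolume      (ProtectionStatus enum serialises as 0 = Off, 1 = On)
    "bitlocker": json.dumps([
        {"MountPoint": "C:", "ProtectionStatus": 1},
        {"MountPoint": "D:", "ProtectionStatus": 0},
    ]),
    # (Get-AppLockerPolicy -Effective).RuleCollections
    "applocker": json.dumps([
        {"RuleCollectionType": "Exe", "EnforcementMode": "AuditOnly", "Count": 12},
        {"RuleCollectionType": "Script", "EnforcementMode": "NotConfigured", "Count": 0},
    ]),
    # Get-NetFirewallProfile   (Enabled serialises as 1 = True, 0 = False)
    "firewall": json.dumps([
        {"Name": "Domain", "Enabled": 1},
        {"Name": "Private", "Enabled": 1},
        {"Name": "Public", "Enabled": 1},
    ]),
    # Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    "uac": json.dumps({"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}),
}

CREDENTIAL_GUARD = 1   # value in Win32_DeviceGuard.SecurityServicesRunning
HVCI = 2


def as_list(value: Any) -> list:
    """ConvertTo-Json emits a one-element array or a single object as a bare
    scalar/object, so normalise to a list before iterating."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def truthy(value: Any) -> bool:
    """Accept the forms a PowerShell boolean or enum takes once it is JSON."""
    return value in (True, 1, "1", "On", "True", "true")


def evaluate_paw_hardening(raw: dict) -> dict:
    """Apply the PAW pass criteria to raw ConvertTo-Json strings.
    Returns {check_name: (passed, detail)} in table order."""
    results = {}

    dg = json.loads(raw["deviceguard"])
    running = as_list(dg.get("SecurityServicesRunning"))
    # Membership test, not `count > 0`: a host running only HVCI ([2]) has no Credential Guard.
    results["Credential Guard"] = (CREDENTIAL_GUARD in running, f"SecurityServicesRunning={running}")
    vbs = dg.get("VirtualizationBasedSecurityStatus")
    results["VBS"] = (vbs == 2, f"VirtualizationBasedSecurityStatus={vbs}")

    sb_raw = raw.get("secureboot", "").strip()   # empty when the cmdlet threw (no UEFI)
    secure_boot = json.loads(sb_raw) if sb_raw else None
    results["Secure Boot"] = (truthy(secure_boot), f"Confirm-SecureBootUEFI={secure_boot}")

    vols = as_list(json.loads(raw["bitlocker"]))
    # The OS volume decides the check; unprotected data volumes go into the detail.
    os_vol = next((v for v in vols if v.get("MountPoint") == "C:"), None)
    unprotected = [v["MountPoint"] for v in vols if not truthy(v.get("ProtectionStatus"))]
    results["BitLocker"] = (os_vol is not None and truthy(os_vol.get("ProtectionStatus")),
                            f"unprotected volumes={unprotected}")

    cols = as_list(json.loads(raw["applocker"]))
    # Rules in AuditOnly mode log and do not block, so require EnforcementMode = Enabled.
    enforced = [c["RuleCollectionType"] for c in cols
                if c.get("Count", 0) > 0 and c.get("EnforcementMode") == "Enabled"]
    results["AppLocker"] = (bool(enforced), f"enforced collections={enforced}")

    profiles = as_list(json.loads(raw["firewall"]))
    disabled = [p["Name"] for p in profiles if not truthy(p.get("Enabled"))]
    results["Firewall"] = (len(profiles) == 3 and not disabled, f"disabled profiles={disabled}")

    uac = json.loads(raw["uac"])
    prompt = uac.get("ConsentPromptBehaviorAdmin")
    # EnableLUA = 0 turns UAC off whatever the prompt value; 0 elevates silently;
    # 1 and 2 prompt on the secure desktop; 3-5 only do so if PromptOnSecureDesktop = 1.
    on_secure_desktop = prompt in (1, 2) or truthy(uac.get("PromptOnSecureDesktop"))
    results["UAC"] = (truthy(uac.get("EnableLUA")) and prompt not in (None, 0) and on_secure_desktop,
                      f"EnableLUA={uac.get('EnableLUA')} ConsentPromptBehaviorAdmin={prompt}")
    return results


def failed_checks(raw: dict) -> list:
    """Names of the controls that did not pass, in table order."""
    return [name for name, (passed, _) in evaluate_paw_hardening(raw).items() if not passed]


if __name__ == "__main__":
    for name, (passed, detail) in evaluate_paw_hardening(SAMPLE_OUTPUT).items():
        status = "PASS" if passed else "FAIL"
        print(f"{status} {name:16} {detail}")
```

On the sample host the report fails Credential Guard (only HVCI is running) and AppLocker (rules present but audit-only), while the other five controls pass. Feeding the same functions the real cmdlet output means calling powershell.exe with `-NoProfile -Command "... | ConvertTo-Json -Depth 3"` for each row and passing the captured stdout strings in the same dictionary.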

Blocked Software Patterns

chrome, firefox, spotify, steam, vlc, zoom, slack, dropbox, itunes, whatsapp, telegram
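An added example for the check_local_admin_group() and check_installed_software() checks above (this is illustrative code, not the repository's scripts/agent.py): the JSON that Get-LocalGroupMember and the registry Uninstall query are assumed to produce is constructed inline, and the two functions apply the admin allowlist and the blocked-software patterns to it. The PrincipalSource mapping and the PSPath-based hive detection are assumptions of this example; the sample principal and product names are made up.

```python
import json
from typing import Any

# Constructed sample (not captured from a real host):
#   Get-LocalGroupMember -Group Administrators | ConvertTo-Json
# PrincipalSource is assumed to serialise as its enum value.
PRINCIPAL_SOURCE = {1: "Local", 2: "ActiveDirectory", 3: "AzureAD", 4: "MicrosoftAccount"}
SAMPLE_ADMINS = json.dumps([
    {"Name": "PAW01\\Administrator", "ObjectClass": "User", "PrincipalSource": 1},
    {"Name": "CORP\\Tier0-PAW-Admins", "ObjectClass": "Group", "PrincipalSource": 2},
    {"Name": "CORP\\jdoe", "ObjectClass": "User", "PrincipalSource": 2},
    {"Name": "PAW01\\helpdesk", "ObjectClass": "User", "PrincipalSource": 1},
])
KNOWN_ADMINS = {"PAW01\\Administrator", "CORP\\Tier0-PAW-Admins"}

# Constructed sample of the union of the three Uninstall keys, e.g.
#   Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*,
#       HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*,
#       HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | ConvertTo-Json
# Get-ItemProperty adds PSPath, which tells us which hive the entry came from.
REG = "Microsoft.PowerShell.Core\\Registry::"
UNINSTALL = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
SAMPLE_SOFTWARE = json.dumps([
    {"DisplayName": "Microsoft Edge", "PSPath": REG + "HKEY_LOCAL_MACHINE\\" + UNINSTALL + "Microsoft Edge"},
    {"DisplayName": "Google Chrome", "PSPath": REG + "HKEY_CURRENT_USER\\" + UNINSTALL + "Google Chrome"},
    {"DisplayName": "Slack", "PSPath": REG + "HKEY_CURRENT_USER\\" + UNINSTALL + "Slack"},
    {"DisplayName": "VLC media player", "PSPath": REG + "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node"
                                                  "\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VLC media player"},
    {"PSPath": REG + "HKEY_LOCAL_MACHINE\\" + UNINSTALL + "{9A0A1B2C-0000-0000-0000-000000000000}"},  # patch, no DisplayName
])
BLOCKED_PATTERNS = ["chrome", "firefox", "spotify", "steam", "vlc", "zoom", "slack",
                    "dropbox", "itunes", "whatsapp", "telegram"]


def as_list(value: Any) -> list:
    """ConvertTo-Json emits a single object as a bare object, not a one-element array."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def unexpected_admins(raw_json: str, known: set) -> list:
    """Members of the local Administrators group that are not on the allowlist.
    Matching is case-insensitive; a domain group is reported as one member
    because Get-LocalGroupMember does not expand nested groups."""
    known_lc = {k.lower() for k in known}
    findings = []
    for member in as_list(json.loads(raw_json)):
        name = member.get("Name", "")
        if name.lower() in known_lc:
            continue
        findings.append({
            "name": name,
            "class": member.get("ObjectClass"),
            "source": PRINCIPAL_SOURCE.get(member.get("PrincipalSource"), "Unknown"),
        })
    return findings


def blocked_software(raw_json: str, patterns: list) -> list:
    """Uninstall entries whose DisplayName contains a blocked pattern (substring,
    case-insensitive, so 'vlc' also catches 'VLC media player'). Entries with
    no DisplayName (update packages) are skipped. 'scope' distinguishes a
    per-user HKCU install from a machine-wide one."""
    findings = []
    for entry in as_list(json.loads(raw_json)):
        name = entry.get("DisplayName")
        if not name:
            continue
        hit = next((p for p in patterns if p in name.lower()), None)
        if hit is None:
            continue
        scope = "per-user" if "HKEY_CURRENT_USER" in entry.get("PSPath", "") else "machine"
        findings.append({"name": name, "pattern": hit, "scope": scope})
    return findings


if __name__ == "__main__":
    for f in unexpected_admins(SAMPLE_ADMINS, KNOWN_ADMINS):
        print(f"unexpected admin: {f['name']} ({f['class']}, {f['source']})")
    for f in blocked_software(SAMPLE_SOFTWARE, BLOCKED_PATTERNS):
        print(f"blocked software: {f['name']} [{f['pattern']}] {f['scope']} install")
```

The sample deliberately puts Chrome and Slack under HKCU: an audit that reads only HKLM reports the machine clean while a user-installed browser sits on the PAW. The group check flags both the domain user and the local helpdesk account; the allowlisted domain group passes, which is why its AD membership needs its own audit.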

Dependencies

No external packages, Python standard library only. Requires Windows 10/11 Enterprise with PowerShell 5.1+, run from an elevated session (several of the hardening cmdlets fail without it).