mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 21:19:40 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
3.1 KiB
3.1 KiB
KAPE Command Reference
KAPE has two execution phases: Target (collection) and Module (processing). Switches use -- prefix. kape.exe is the CLI; gkape.exe is the GUI.
Target (collection) switches
| Switch | Required | Description |
|---|---|---|
--tsource |
yes | Source drive/volume to copy from (e.g. C:, D:, F:\) |
--target |
yes | Target/compound target name(s), comma-separated (e.g. KapeTriage, !SANS_Triage, RegistryHives,EventLogs) |
--tdest |
yes | Destination directory for collected files |
--tflush |
no | Delete contents of --tdest before copy |
--vss |
no | Process all Volume Shadow Copies on --tsource (default false) |
--vhdx <name> |
no | Create a VHDX container from --tdest; value is a base identifier, not a filename |
--vhd <name> |
no | Create a VHD container instead of VHDX |
--zip <name> |
no | Create a ZIP of the collection |
--zv |
no | Add --tdest to container then delete originals (true/false) |
Module (processing) switches
| Switch | Required | Description |
|---|---|---|
--module |
yes | Module/compound module name(s) (e.g. !EZParser, PECmd, MFTECmd) |
--mdest |
yes | Destination for parsed module output (CSV/JSON/HTML) |
--msource |
no | Source data for processing (defaults to --tdest if collecting+processing) |
--mflush |
no | Delete contents of --mdest before processing |
--mef |
no | Module export format override |
Global / utility switches
| Switch | Description |
|---|---|
--sync |
Update Targets and Modules from the KapeFiles GitHub repo |
--tlist |
List all available Targets |
--mlist |
List all available Modules |
--gui |
Open progress in GUI window when launched from CLI |
--debug |
Verbose debug logging |
--trace |
Even more verbose tracing |
Example command lines
REM Triage collection
kape.exe --tsource C: --target KapeTriage --tdest E:\out\tdest --tflush
REM Collection with VSS + VHDX container
kape.exe --tsource C: --target !SANS_Triage --tdest E:\out\tdest --vss --vhdx HOST01 --tflush
REM Process an existing collection with all EZ Tools
kape.exe --msource E:\out\tdest\C --mdest E:\out\mdest --module !EZParser --mflush
REM Collect and parse in one run
kape.exe --tsource C: --target KapeTriage --tdest E:\out\tdest --mdest E:\out\mdest --module !EZParser --tflush --mflush
Batch mode
Place a _kape.cli file beside kape.exe. Each non-comment line is one full argument set; run kape.exe with no args to execute all lines.
Variables: %d = KAPE directory, %m = machine name.
--tsource C: --target KapeTriage --tdest %d\Disk\%m --vhdx %m
Config file types
| Extension | Purpose |
|---|---|
.tkape |
Target definition (what to collect) |
.mkape |
Module definition (how to process) |
_kape.cli |
Batch command file |
Output logs (chain of custody)
<timestamp>_CopyLog.csv— every file copied with source/dest and SHA-1<timestamp>_ConsoleLog.txt— full console output<timestamp>_SkipLog.csv— files skipped and why