Anthropic-Cybersecurity-Skills/skills/detecting-cloud-cryptomining-activity.bak/references/api-reference.md
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00

# Cloud Cryptomining Detection API Reference

## GuardDuty - Cryptocurrency Finding Types

| Finding Type | Signal |
|---|---|
| `CryptoCurrency:EC2/BitcoinTool.B!DNS` | EC2 instance querying a cryptocurrency-related domain |
| `CryptoCurrency:EC2/BitcoinTool.B` | EC2 instance communicating with mining pools |
| `CryptoCurrency:Runtime/BitcoinTool.B!DNS` | Container DNS query to a mining domain (Runtime Monitoring) |
| `CryptoCurrency:Runtime/BitcoinTool.B` | Container network connection to a mining pool (Runtime Monitoring) |
| `Impact:EC2/BitcoinDomainRequest.Reputation` | Access to a known mining domain |

## GuardDuty CLI

```bash
# Get the detector ID and keep it for the calls below
DET=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text)

# List findings of one cryptocurrency finding type
aws guardduty list-findings --detector-id "$DET" \
  --finding-criteria '{"Criterion":{"type":{"Eq":["CryptoCurrency:EC2/BitcoinTool.B!DNS"]}}}'

# Get finding details (id1 id2 are the finding IDs returned above)
aws guardduty get-findings --detector-id "$DET" --finding-ids id1 id2
```

## AWS Cost Anomaly Detection

```bash
# Create a cost anomaly monitor on the SERVICE dimension
aws ce create-anomaly-monitor --anomaly-monitor '{
  "MonitorName": "EC2CostSpike",
  "MonitorType": "DIMENSIONAL",
  "MonitorDimension": "SERVICE"
}'

# Create an alert subscription for that monitor
# (replace the monitor ARN; Threshold is the anomaly impact in USD that triggers a notification)
aws ce create-anomaly-subscription --anomaly-subscription '{
  "SubscriptionName": "CryptoAlert",
  "MonitorArnList": ["arn:aws:ce::123456789012:anomalymonitor/monitor-id"],
  "Subscribers": [{"Address": "soc@company.com", "Type": "EMAIL"}],
  "Threshold": 100.0,
  "Frequency": "IMMEDIATE"
}'
```

## Known Mining Pool Ports

- `3333` - Stratum protocol (common)
- `4444` - Mining proxy
- `5555` - Monero (XMR)
- `7777` - Alt-coin mining
- `8888` - Multi-pool
- `9999` - Mining proxy
- `14444` - XMRig default
- `45700` - MoneroOcean

A destination port match on its own is a weak indicator: pools also listen on common ports such as 443, and some of the ports above are used by unrelated services. Correlate port hits with the GuardDuty findings and cost anomalies above before acting.

## VPC Flow Logs Query (CloudWatch Insights)

```
fields @timestamp, srcaddr, dstaddr, dstport, action
| filter dstport in [3333, 4444, 5555, 7777, 14444, 45700]
| sort @timestamp desc
| limit 50
```
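The same filter applied offline over exported VPC Flow Log text, with a per-source summary that the Insights query does not give; this is an added example, not part of the skill's own files. It assumes the default version-2 field order, and the sample records are constructed.

```python
from collections import defaultdict, namedtuple

# Destination ports from the "Known Mining Pool Ports" list above (Stratum is TCP, so TCP only)
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 9999, 14444, 45700}

# One parsed flow-log record (only the fields the triage needs)
FlowRecord = namedtuple("FlowRecord", "interface_id srcaddr dstaddr dstport protocol action bytes_out")

def parse_flow_record(line):
    """Parse one default-format (version 2) record; None for NODATA/SKIPDATA or malformed lines."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK":
        return None
    return FlowRecord(f[2], f[3], f[4], int(f[6]), int(f[7]), f[12], int(f[9]))

def find_pool_connections(lines):
    """Offline equivalent of the Insights filter: TCP flows whose destination port is a pool port."""
    return [r for r in map(parse_flow_record, lines)
            if r and r.protocol == 6 and r.dstport in MINING_POOL_PORTS]

def summarize_by_source(hits):
    """Per (ENI, source IP): flow count, ACCEPTed count, distinct pool endpoints, bytes sent.
    Repeated ACCEPTed flows with real volume from one ENI are the pattern to pivot on; one REJECT is weak."""
    summary = defaultdict(lambda: {"flows": 0, "accepted": 0, "destinations": set(), "bytes": 0})
    for h in hits:
        s = summary[(h.interface_id, h.srcaddr)]
        s["flows"] += 1
        s["accepted"] += 1 if h.action == "ACCEPT" else 0
        s["destinations"].add(f"{h.dstaddr}:{h.dstport}")
        s["bytes"] += h.bytes_out
    return dict(summary)

# Constructed sample records (not real traffic): the 443 flow, the UDP flow and the NODATA record must be ignored
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 10.0.1.15 203.0.113.7 49152 3333 6 120 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.15 203.0.113.7 49153 3333 6 4000 310000 1700000060 1700000660 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.15 203.0.113.9 49154 14444 6 300 24000 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0bbb 10.0.2.40 198.51.100.2 50000 443 6 20 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc 10.0.3.8 203.0.113.7 51000 3333 6 1 60 1700000200 1700000201 REJECT OK
2 123456789012 eni-0ddd 10.0.4.1 203.0.113.7 51001 3333 17 1 60 1700000200 1700000201 ACCEPT OK
2 123456789012 eni-0eee - - - - - - - 1700000200 1700000260 - NODATA
"""

if __name__ == "__main__":
    for (eni, src), s in summarize_by_source(find_pool_connections(SAMPLE_LOG.splitlines())).items():
        print(eni, src, s["flows"], s["accepted"], sorted(s["destinations"]), s["bytes"])
```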

## EC2 Instance Remediation

```bash
# Terminate the mining instance
# (termination destroys on-instance evidence; snapshot or isolate it first if forensics are needed)
aws ec2 terminate-instances --instance-ids i-0123456789abcdef0

# Revoke security group ingress on mining ports
# (pool connections are outbound from the instance, so review the group's egress rules as well)
aws ec2 revoke-security-group-ingress --group-id sg-xxx \
  --protocol tcp --port 3333 --cidr 0.0.0.0/0
```