mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-16 07:53:18 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.4 KiB
1.4 KiB
name, description
| name | description |
|---|---|
| implementing-cloud-workload-protection | Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads. |
Implementing Cloud Workload Protection
Instructions
Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.
import boto3
ssm = boto3.client("ssm")
# Run command on EC2 instances to check for suspicious processes
response = ssm.send_command(
InstanceIds=["i-1234567890abcdef0"],
DocumentName="AWS-RunShellScript",
Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]},
)
Key protection areas:
- Process monitoring for cryptominers and reverse shells
- File integrity monitoring on critical system files
- Network connection auditing for C2 callbacks
- Resource utilization anomaly detection (CPU spikes)
- Unauthorized binary detection via hash comparison
Examples
# Check for unauthorized outbound connections
ssm.send_command(
InstanceIds=instances,
DocumentName="AWS-RunShellScript",
Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]},
)