mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
API and Command Reference
GuardDog (DataDog/guarddog)
Install: `pip install guarddog` | Docker: `ghcr.io/datadog/guarddog`
Subcommands
| Command | Description |
|---|---|
| `guarddog npm scan <pkg>` | Scan latest version from registry. |
| `guarddog npm scan <pkg> --version X.Y.Z` | Scan a specific version. |
| `guarddog npm scan <path.tgz \| dir>` | Scan a local tarball or extracted directory. |
| `guarddog npm verify <package.json>` | Scan every dependency in a manifest. |
| `guarddog pypi scan <pkg>` | Same for PyPI. |
| `guarddog go scan <module>` / `guarddog go verify go.mod` | Go modules. |
| `guarddog rubygems scan <gem>` | RubyGems. |
Common flags
| Flag | Description |
|---|---|
| `--output-format=json` | Machine-readable JSON. |
| `--output-format=sarif` | SARIF for GitHub code scanning. |
| `--rules <rule>` (repeatable) | Run only the named rule(s). |
| `--exclude-rules <rule>` | Exclude the named rule(s). |
| `--log-level debug` | Verbose diagnostics. |
Key npm heuristics
| Rule | Detects |
|---|---|
| `npm-install-script` | `preinstall`/`install`/`postinstall` lifecycle scripts. |
| `npm-serialize-environment` | Exfiltration of environment variables. |
| `npm-exec-base64` | `eval` of base64-decoded payloads. |
| `npm-silent-process-execution` | Silent child-process execution. |
| `npm-obfuscation` | Common obfuscation patterns. |
| `shady-links` | Suspicious URLs in code. |
| `typosquatting` | Name similar to a popular package. |
| `potentially_compromised_email_domain` | Maintainer email on a lapsed domain. |
OSV-Scanner
| Command | Description |
|---|---|
| `osv-scanner --lockfile=package-lock.json` | Match pinned versions to OSV advisories incl. `MAL-` malicious entries. |
| `osv-scanner -r <dir>` | Recursively scan a directory. |
| `osv-scanner --format json` | JSON output. |
npm acquisition (no execution)
| Command | Description |
|---|---|
| `npm pack <pkg>@<ver>` | Download tarball without installing. |
| `npm view <pkg>@<ver> dist.tarball` | Print the tarball URL. |
| `npm install --ignore-scripts` | Install while skipping lifecycle scripts. |
| `jq '.scripts' package/package.json` | List lifecycle hooks. |
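
The `jq '.scripts'` check from the table above can also be done on the packed tarball itself, reading `package.json` in memory so nothing is extracted or run. This is an added example, not code from this repository or from GuardDog; the function names and the sample manifest are constructed for illustration.

```python
import io
import json
import tarfile

# Hooks npm runs automatically at install time; the same three the
# npm-install-script row above lists. (Function names here are illustrative.)
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def read_manifest(tgz_bytes):
    """Parse the top-level package.json from an npm tarball, entirely in memory."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            parts = member.name.split("/")
            # npm pack writes "package/package.json"; accept any one top-level dir.
            if member.isfile() and len(parts) == 2 and parts[1] == "package.json":
                return json.load(tar.extractfile(member))
    raise ValueError("no top-level package.json in tarball")


def install_hooks(manifest):
    """Return {hook: command} for install-time lifecycle hooks in the manifest."""
    scripts = manifest.get("scripts")
    if not isinstance(scripts, dict):
        return {}
    return {name: scripts[name] for name in INSTALL_HOOKS if name in scripts}


def build_sample_tarball(manifest):
    """Constructed sample input: a minimal .tgz shaped like `npm pack` output."""
    data = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_tarball({
        "name": "example-constructed-pkg",  # constructed, not a real package
        "version": "0.0.1",
        "scripts": {"postinstall": "node setup.js", "test": "jest"},
    })
    print(install_hooks(read_manifest(sample)))
```

To use it on a tarball produced by `npm pack <pkg>@<ver>`, pass the file's bytes to `read_manifest`.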