mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
mukul975
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
55 lines
2.2 KiB
Markdown
55 lines
2.2 KiB
Markdown
# API and Command Reference
|
|
|
|
## GuardDog (DataDog/guarddog)
|
|
|
|
Install: `pip install guarddog` | Docker: `ghcr.io/datadog/guarddog`
|
|
|
|
### Subcommands
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `guarddog npm scan <pkg>` | Scan latest version from registry. |
|
|
| `guarddog npm scan <pkg> --version X.Y.Z` | Scan a specific version. |
|
|
| `guarddog npm scan <path.tgz \| dir>` | Scan a local tarball or extracted directory. |
|
|
| `guarddog npm verify <package.json>` | Scan every dependency in a manifest. |
|
|
| `guarddog pypi scan <pkg>` | Same for PyPI. |
|
|
| `guarddog go scan <module>` / `guarddog go verify go.mod` | Go modules. |
|
|
| `guarddog rubygems scan <gem>` | RubyGems. |
|
|
|
|
### Common flags
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `--output-format=json` | Machine-readable JSON. |
|
|
| `--output-format=sarif` | SARIF for GitHub code scanning. |
|
|
| `--rules <rule>` (repeatable) | Run only the named rule(s). |
|
|
| `--exclude-rules <rule>` | Exclude the named rule(s). |
|
|
| `--log-level debug` | Verbose diagnostics. |
|
|
|
|
### Key npm heuristics
|
|
| Rule | Detects |
|
|
|------|---------|
|
|
| `npm-install-script` | preinstall/install/postinstall lifecycle scripts. |
|
|
| `npm-serialize-environment` | Exfiltration of environment variables. |
|
|
| `npm-exec-base64` | eval of base64-decoded payloads. |
|
|
| `npm-silent-process-execution` | Silent child-process execution. |
|
|
| `npm-obfuscation` | Common obfuscation patterns. |
|
|
| `shady-links` | Suspicious URLs in code. |
|
|
| `typosquatting` | Name similar to a popular package. |
|
|
| `potentially_compromised_email_domain` | Maintainer email on a lapsed domain. |
|
|
|
|
## OSV-Scanner
|
|
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `osv-scanner --lockfile=package-lock.json` | Match pinned versions to OSV advisories incl. `MAL-` malicious entries. |
|
|
| `osv-scanner -r <dir>` | Recursively scan a directory. |
|
|
| `osv-scanner --format json` | JSON output. |
|
|
|
|
## npm acquisition (no execution)
|
|
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `npm pack <pkg>@<ver>` | Download tarball without installing. |
|
|
| `npm view <pkg>@<ver> dist.tarball` | Print the tarball URL. |
|
|
| `npm install --ignore-scripts` | Install while skipping lifecycle scripts. |
|
|
| `jq '.scripts' package/package.json` | List lifecycle hooks. |
|