mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 11:44:37 +03:00
mukul975
cb8d79e068
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct techniques), verified against MITRE ATT&CK v19.1 via the official mitreattack-python library: 0 revoked, deprecated, or invalid IDs - Curate precise per-skill technique IDs for forensics, malware-analysis, threat-intel, and red-team skills (e.g. DCSync -> T1003.006, Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003) - Reconcile v19.1 tactic restructuring: Defense Evasion split into Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.* family and T1070.001/.002 remapped to active equivalents (T1685.*) - Normalize word-split tags across 35 skills (remove filename-derived stopword tags, add semantic cybersecurity tags) - Add api-reference.md for 3 skills that were missing it - Update README ATT&CK section with accurate v19.1 tactic distribution
2.3 KiB
2.3 KiB
name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack
| name | description | domain | subdomain | tags | version | author | license | nist_csf | mitre_attack | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| implementing-cloud-workload-protection | Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads. | cybersecurity | cloud-security |
|
1.0 | mahipal | Apache-2.0 |
|
|
Implementing Cloud Workload Protection
When to Use
- When deploying or configuring implementing cloud workload protection capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with cloud security concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.
import boto3
ssm = boto3.client("ssm")
# Run command on EC2 instances to check for suspicious processes
response = ssm.send_command(
InstanceIds=["i-1234567890abcdef0"],
DocumentName="AWS-RunShellScript",
Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]},
)
Key protection areas:
- Process monitoring for cryptominers and reverse shells
- File integrity monitoring on critical system files
- Network connection auditing for C2 callbacks
- Resource utilization anomaly detection (CPU spikes)
- Unauthorized binary detection via hash comparison
Examples
# Check for unauthorized outbound connections
ssm.send_command(
InstanceIds=instances,
DocumentName="AWS-RunShellScript",
Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]},
)