mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2.2 KiB
# BloodHound CE Collectors & API Reference
## SharpHound (CE / .NET collector)

| Flag | Purpose |
|---|---|
| `-c, --collectionmethods <m>` | Methods: All, DCOnly, Session, LocalAdmin, ACL, Trusts, Group, GPOLocalGroup, Container, CertServices |
| `--outputdirectory <dir>` | Directory to write the output ZIP |
| `-d, --domain <fqdn>` | Target domain |
| `--loop` | Repeat session collection in a loop |
| `--loopduration HH:MM:SS` | How long to loop |
| `--zipfilename <name>` | Name of output ZIP |
| `--ldapusername / --ldappassword` | Alternate LDAP credentials |
| `--stealth` | Reduced-footprint collection |
## bloodhound-ce-python (Linux)

| Flag | Purpose |
|---|---|
| `-u <user>` | Username |
| `-p <pass>` | Password |
| `-d <domain>` | Domain FQDN |
| `-ns <ip>` | Nameserver (DC IP) |
| `-c All` | Collection methods |
| `--zip` | Compress output into a ZIP |
| `-k` | Use Kerberos authentication |
## AzureHound (Entra ID / Azure RM)

| Flag | Purpose |
|---|---|
| `list` | Subcommand: collect all supported data |
| `-u <user>` | Username |
| `-p <pass>` | Password |
| `-t <tenant>` | Tenant domain or ID |
| `--jwt <token>` | Authenticate with an acquired JWT |
| `--refresh-token <rt>` | Authenticate with a refresh token |
| `-o <file>` | Output JSON file |
## BloodHound CE REST API (selected endpoints)

| Method | Endpoint | Purpose |
|---|---|---|
| POST | `/api/v2/login` | Obtain a session JWT (`login_method: secret`) |
| POST | `/api/v2/file-upload/start` | Begin a file-ingest job |
| PUT | `/api/v2/file-upload/{id}` | Upload collector ZIP/JSON to the job |
| POST | `/api/v2/file-upload/{id}/end` | Finalize and trigger ingestion |
| POST | `/api/v2/graphs/cypher` | Run a Cypher query, return graph data |
| GET | `/api/v2/domains` | List ingested domains |
| GET | `/api/v2/pathfinding` | Pathfinding between two nodes |
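As an added example (not code from this repository or from the BloodHound project), a minimal Python client that walks the login, file-upload and Cypher endpoints from the table above in the order the ingest flow requires, then runs the unconstrained-delegation audit query from the snippets below. The reply field names (`data.session_token`, `data.id`, `nodes[id].label`), the `include_properties` flag and the injected transport are assumptions made for illustration.

```python
import json
import urllib.request
from typing import Callable, Optional

# Transport: (method, url, headers, body) -> parsed JSON; injected so tests run offline.
Transport = Callable[[str, str, dict, Optional[bytes]], dict]

def urllib_transport(method: str, url: str, headers: dict, body: Optional[bytes]) -> dict:
    """Default transport: real HTTP via the standard library, JSON reply decoded."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}

class BloodHoundClient:
    def __init__(self, base_url: str, transport: Transport = urllib_transport):
        self.base = base_url.rstrip("/")
        self.transport = transport
        self.token: Optional[str] = None  # session JWT, set by login()

    def _call(self, method, path, payload=None, content_type="application/json"):
        headers = {"Content-Type": content_type}
        if self.token:  # every call after login carries the session JWT
            headers["Authorization"] = f"Bearer {self.token}"
        body = None if payload is None else (
            payload if isinstance(payload, bytes) else json.dumps(payload).encode())
        return self.transport(method, self.base + path, headers, body)

    def login(self, username: str, secret: str) -> str:
        # login_method "secret" = username + password; reply carries session_token (assumed)
        data = self._call("POST", "/api/v2/login",
                          {"login_method": "secret", "username": username, "secret": secret})
        self.token = data["data"]["session_token"]
        return self.token

    def ingest(self, zip_bytes: bytes) -> str:
        # start -> PUT the collector ZIP -> end (which triggers ingestion); returns job id
        job = self._call("POST", "/api/v2/file-upload/start")["data"]["id"]
        self._call("PUT", f"/api/v2/file-upload/{job}", zip_bytes, "application/zip")
        self._call("POST", f"/api/v2/file-upload/{job}/end")
        return str(job)

    def cypher(self, query: str) -> dict:
        return self._call("POST", "/api/v2/graphs/cypher",
                          {"query": query, "include_properties": True})["data"]

def unconstrained_delegation_hosts(client: BloodHoundClient) -> list:
    """Audit check from the snippets; assumes reply shape {"nodes": {id: {"label": ...}}}."""
    data = client.cypher("MATCH (c:Computer {unconstraineddelegation:true}) RETURN c")
    return sorted(n["label"] for n in data.get("nodes", {}).values())
```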
## Common Cypher snippets

```cypher
// Owned -> Domain Admins (RID 512)
MATCH p=shortestPath((n {owned:true})-[*1..]->(g:Group)) WHERE g.objectid ENDS WITH "-512" RETURN p
// Unconstrained delegation computers
MATCH (c:Computer {unconstraineddelegation:true}) RETURN c.name
// Entra Global Admins
MATCH p=(n)-[:AZGlobalAdmin*1..]->(:AZTenant) RETURN p
```