mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
mukul975
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
1.8 KiB
1.8 KiB
Standards and Framework Mapping
NIST Cybersecurity Framework 2.0
| ID | Name | Rationale |
|---|---|---|
| PR.DS-02 | The confidentiality, integrity, and availability of data-in-transit are protected | Hybrid PQC key exchange (X25519MLKEM768) protects data in transit against harvest-now-decrypt-later attacks by a future CRQC. |
MITRE ATT&CK
| ID | Name | Rationale |
|---|---|---|
| T1573 | Encrypted Channel | Migration hardens the encrypted channels protecting data in transit; cryptographic inventory of these channels also underpins detection of adversary encrypted C2. |
| T1573.001 | Encrypted Channel: Symmetric Cryptography | AES/symmetric ciphers — quantum-weakened by Grover and hardened via 256-bit keys. |
| T1573.002 | Encrypted Channel: Asymmetric Cryptography | RSA/ECDH — the asymmetric primitives broken by Shor's algorithm and replaced by ML-KEM. |
NIST Post-Quantum Standards (finalized 13 Aug 2024)
| Standard | Algorithm | Former name | Purpose |
|---|---|---|---|
| FIPS 203 | ML-KEM (Module-Lattice KEM) | CRYSTALS-Kyber | Key encapsulation / establishment |
| FIPS 204 | ML-DSA (Module-Lattice DSA) | CRYSTALS-Dilithium | Primary digital signatures |
| FIPS 205 | SLH-DSA (Stateless Hash-based DSA) | SPHINCS+ | Conservative backup signatures |
Migration Guidance
| Reference | Rationale |
|---|---|
| NIST SP 1800-38 (NCCoE, Migration to Post-Quantum Cryptography) | Crypto-discovery test plan, CBOM-driven inventory, and migration architecture across CI/CD, operational systems, and network services. |
| Mosca's inequality | Prioritization rule: migrate when data_lifetime + migration_time > time_to_CRQC. |
| CycloneDX 1.6 CBOM | Cryptography Bill of Materials object model for inventory and dependency tracking. |