mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
3.0 KiB
3.0 KiB
ROADtools Command Reference
ROADrecon
| Command | Purpose | Key flags |
|---|---|---|
roadrecon auth |
Authenticate to Entra ID | -u user, -p password, --device-code, --access-token, --refresh-token, --prt, --prt-sessionkey, --prt-cookie, --prt-init |
roadrecon gather |
Gather directory into roadrecon.db | --mfa (needs privileged role) |
roadrecon gui |
Launch Angular GUI (http://127.0.0.1:5000) | — |
roadrecon plugin policies |
Analyze conditional-access policies | -f file, -p |
roadrecon plugin bloodhound |
Export to BloodHound format | — |
Auth state is stored in .roadtools_auth; directory data in roadrecon.db.
roadtx (ROADtools Token eXchange)
Token acquisition
| Command | Purpose | Key flags |
|---|---|---|
roadtx gettokens |
Acquire tokens (ROPC / refresh) | -u, -p, -c client, -r resource, -s scope, --refresh-token, --cae, --tokens-stdout |
roadtx interactiveauth |
Interactive (browser) auth | -u, -p, -c, -r, -ru redirect-url |
roadtx codeauth |
Exchange auth code for tokens | — |
roadtx refreshtokento |
Convert stored RT to another resource | -r, -s, -c |
roadtx appauth |
App (client-credential) auth | -c, -p secret, -t tenant, -r, -s, --cert-pem, --key-pem, --cert-pfx, --pfx-pass |
roadtx federatedappauth |
Federated app auth (workload identity) | -c, --cert-pem, --key-pem, --subject, -t, --issuer, -s, --kid |
Device + PRT
| Command | Purpose | Key flags |
|---|---|---|
roadtx device |
Register/delete a device | -n name, -a action, -c cert, -k key |
roadtx hybriddevice |
Register hybrid-joined device | — |
roadtx prt |
Request/renew a PRT | -u, -p, --key-pem, --cert-pem, -a action, -r refresh-token |
roadtx prtauth |
Auth a client using a PRT | -c, -r, -f prt-file, --prt, --prt-sessionkey, --tokens-stdout |
roadtx browserprtauth |
Browser auth using PRT | -url, -c, -r, -f |
roadtx browserprtinject |
Inject PRT compliance claims | -u, -r, -c |
roadtx prtenrich |
Add MFA claim to PRT | -u |
roadtx prtcookie |
Mint browser cookie from PRT | — |
Utility
| Command | Purpose | Key flags |
|---|---|---|
roadtx describe |
Decode token claims | -t token (or stdin) |
roadtx decrypt |
Decrypt JWE tokens | — |
roadtx getscope |
Find clients holding a scope | -s, --foci |
roadtx getotp |
Generate TOTP from a seed | <seed> |
roadtx listaliases |
List client/resource aliases | — |
roadtx keepassauth |
Selenium auth from KeePass | -c, -u, -kp, -kpp, -url, --keep-open |
roadtx sharepointlogin |
Authenticate to SharePoint/OneDrive | <token>, --host |
Common client (-c) and resource (-r) aliases
Clients: azcli, msteams, msgraph (as client where applicable), office, broker.
Resources: msgraph, azrm, aadgraph, devicereg. Use roadtx listaliases for the full list.