creator/Anthropic-Cybersecurity-Skills

mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00

Files

T

mukul975 90d93af814 Fix SKILL.md frontmatter: add missing domain/subdomain/tags/version/author/license fields, fix name=None entries — all 649 skills now pass CI validation

2026-03-11 00:26:05 +01:00

1.5 KiB

Raw Blame History

name, description, domain, subdomain, tags, version, author, license

name

description

domain

subdomain

tags

version

author

license

implementing-cloud-workload-protection

Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads.

cybersecurity

cloud-security

implementing

cloud

workload

protection

1.0

mahipal

MIT

Implementing Cloud Workload Protection

Instructions

Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.

import boto3

ssm = boto3.client("ssm")
# Run command on EC2 instances to check for suspicious processes
response = ssm.send_command(
    InstanceIds=["i-1234567890abcdef0"],
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]},
)

Key protection areas:

Process monitoring for cryptominers and reverse shells
File integrity monitoring on critical system files
Network connection auditing for C2 callbacks
Resource utilization anomaly detection (CPU spikes)
Unauthorized binary detection via hash comparison

Examples

# Check for unauthorized outbound connections
ssm.send_command(
    InstanceIds=instances,
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]},
)