Anthropic-Cybersecurity-Skills/skills/implementing-security-chaos-engineering/SKILL.md

---
name: implementing-security-chaos-engineering
description: >
  Implements security chaos engineering experiments that deliberately disable or degrade
  security controls to verify detection and response capabilities. Tests WAF bypass,
  firewall rule removal, log pipeline disruption, and EDR disablement scenarios using
  boto3 and subprocess. Use when validating SOC detection coverage and resilience.
domain: cybersecurity
subdomain: security-operations
tags: [implementing, security, chaos, engineering]
version: "1.0"
author: mahipal
license: MIT
---

# Implementing Security Chaos Engineering

## Instructions

Design and execute security chaos experiments that intentionally break security
controls to verify that detection, alerting, and response systems work correctly.

```python
# Example: Verify detection when a security group is opened
import boto3
ec2 = boto3.client("ec2")

# Chaos experiment: temporarily add 0.0.0.0/0 rule
ec2.authorize_security_group_ingress(
    GroupId="sg-12345",
    IpProtocol="tcp", FromPort=22, ToPort=22,
    CidrIp="0.0.0.0/0",
)
# Verify: does GuardDuty/Config alert fire within SLA?
# Rollback: remove the rule after verification
```

Key experiments:
1. Open a security group and verify Config Rule alerts
2. Disable CloudTrail and verify detection time
3. Create IAM admin user and verify alert triggers
4. Simulate log pipeline failure and check monitoring gaps
5. Deploy test malware hash and verify EDR response

## Examples

```python
# Rollback function for safe experiment execution
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
    try:
        setup_fn()
        result = verify_fn(timeout)
    finally:
        rollback_fn()
    return result
```