mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 06:34:57 +03:00

Files

T

mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders

2026-03-10 21:02:12 +01:00

2.5 KiB

Raw Blame History

API Reference: MITRE ATT&CK Navigator APT Analysis

ATT&CK Navigator Layer Format

Layer JSON Structure

{
  "name": "APT29 - TTPs",
  "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
  "domain": "enterprise-attack",
  "techniques": [
    {
      "techniqueID": "T1566.001",
      "tactic": "initial-access",
      "color": "#ff6666",
      "score": 100,
      "comment": "Used by APT29",
      "enabled": true
    }
  ],
  "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 100}
}

ATT&CK STIX Data Access

Download Enterprise ATT&CK Bundle

curl -o enterprise-attack.json \
  https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

STIX Object Types

Type	Description
`intrusion-set`	APT groups / threat actors
`attack-pattern`	Techniques and sub-techniques
`relationship`	Links groups to techniques (`uses`)
`malware`	Malware families
`tool`	Legitimate tools used by adversaries

mitreattack-python Library

Installation

pip install mitreattack-python

Query Group Techniques

from mitreattack.stix20 import MitreAttackData

attack = MitreAttackData("enterprise-attack.json")
groups = attack.get_groups()
for g in groups:
    techs = attack.get_techniques_used_by_group(g)
    print(f"{g.name}: {len(techs)} techniques")

Get Technique Details

technique = attack.get_object_by_attack_id("T1566.001", "attack-pattern")
print(technique.name)          # Spearphishing Attachment
print(technique.x_mitre_platforms)  # ['Windows', 'macOS', 'Linux']

Navigator CLI (attack-navigator)

Export Layer to SVG

npx attack-navigator-export \
  --layer layer.json \
  --output output.svg \
  --theme dark

ATT&CK API (TAXII)

from stix2 import TAXIICollectionSource, Filter
from taxii2client.v20 import Collection

collection = Collection(
    "https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/"
)
tc_source = TAXIICollectionSource(collection)
groups = tc_source.query([Filter("type", "=", "intrusion-set")])

Key APT Groups Reference

ID	Name	Known Aliases
G0016	APT29	Cozy Bear, The Dukes, NOBELIUM
G0007	APT28	Fancy Bear, Sofacy, Strontium
G0022	APT3	Gothic Panda, UPS
G0032	Lazarus Group	HIDDEN COBRA, Zinc
G0074	Dragonfly 2.0	Energetic Bear, Berserk Bear
G0010	Turla	Waterbug, Venomous Bear

2.5 KiB Raw Blame History

API Reference: MITRE ATT&CK Navigator APT Analysis

ATT&CK Navigator Layer Format

Layer JSON Structure

ATT&CK STIX Data Access

Download Enterprise ATT&CK Bundle

STIX Object Types

mitreattack-python Library

Installation

Query Group Techniques

Get Technique Details

Navigator CLI (attack-navigator)

Export Layer to SVG

ATT&CK API (TAXII)

Key APT Groups Reference

2.5 KiB

Raw Blame History