mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 05:34:55 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2.8 KiB
API Reference: Implementing Zero Trust in Cloud
Libraries
boto3 (AWS Zero Trust Checks)
- Install: `pip install boto3`
- IAM: `list_users()`, `list_mfa_devices()`, `get_account_summary()`
- EC2: `describe_instances()`, `describe_security_groups()`
- S3: `get_bucket_encryption()`, `get_public_access_block()`
- CloudTrail: `describe_trails()`, `get_trail_status()`
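The IAM and S3 calls listed above, combined into MFA-enforcement and bucket-exposure findings. This is an added example, not the repository's `scripts/agent.py`; the function names and finding strings are assumptions, and the clients are passed in so the logic can be exercised with stubs.

```python
"""Added example: Zero Trust findings from the boto3 IAM and S3 calls."""

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
# Error codes S3 returns when the setting was never configured.
MISSING = {"NoSuchPublicAccessBlockConfiguration",
           "ServerSideEncryptionConfigurationNotFoundError"}


def _call_or_none(fn, **kwargs):
    """Call an S3 API; return None when the configuration is absent."""
    try:
        return fn(**kwargs)
    except Exception as exc:  # botocore ClientError carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in MISSING:
            return None
        raise  # access denied, throttling, etc. must not read as "pass"


def identity_findings(iam):
    """Root MFA plus per-user MFA, following list_users pagination."""
    findings = []
    if not iam.get_account_summary()["SummaryMap"].get("AccountMFAEnabled"):
        findings.append("root: MFA not enabled")
    marker = {}
    while True:
        page = iam.list_users(**marker)
        for user in page["Users"]:
            name = user["UserName"]
            if not iam.list_mfa_devices(UserName=name)["MFADevices"]:
                findings.append(f"user {name}: no MFA device")
        if not page.get("IsTruncated"):
            return findings
        marker = {"Marker": page["Marker"]}


def data_findings(s3, bucket):
    """Encryption at rest and all four public access block flags."""
    findings = []
    if _call_or_none(s3.get_bucket_encryption, Bucket=bucket) is None:
        findings.append(f"{bucket}: no default encryption configuration")
    pab = _call_or_none(s3.get_public_access_block, Bucket=bucket) or {}
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if not cfg.get(f)]
    if off:
        findings.append(f"{bucket}: public access block off: {', '.join(off)}")
    return findings
```

Against a real account, pass `boto3.client("iam")` and `boto3.client("s3")`; any error other than a missing configuration propagates so that a permissions gap is not reported as a clean result.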
azure-identity + azure-mgmt-authorization
- Install: `pip install azure-identity azure-mgmt-authorization`
- `AuthorizationManagementClient` -- RBAC role assignments
- `DefaultAzureCredential()` -- Auto-detect auth
google-cloud-compute
- Install: `pip install google-cloud-compute`
- `FirewallsClient` -- VPC firewall rules audit
- `InstancesClient` -- VM network configuration
Zero Trust Pillars (NIST SP 800-207)
| Pillar | Key Checks |
|---|---|
| Identity | MFA enforcement, least privilege, conditional access |
| Device | Compliance policies, MDM, certificate identity |
| Network | Micro-segmentation, private endpoints, no public IPs |
| Application | OAuth2/OIDC, API gateway auth, no VPN dependency |
| Data | Encryption at rest/transit, DLP, classification |
| Visibility | Centralized logging, SIEM, UEBA, real-time alerts |
AWS Zero Trust Services
| Service | Zero Trust Function |
|---|---|
| IAM Identity Center | Centralized identity and SSO |
| VPC PrivateLink | Private service connectivity |
| Verified Access | Identity-based application access |
| Security Hub | Continuous posture assessment |
| GuardDuty | Threat detection and monitoring |
| CloudTrail | API activity audit logging |
Azure Zero Trust Services
| Service | Zero Trust Function |
|---|---|
| Entra ID Conditional Access | Policy-based access decisions |
| Azure Private Link | Private endpoint connectivity |
| Microsoft Defender for Cloud | CSPM and CWP |
| Azure Sentinel | SIEM and SOAR |
GCP Zero Trust Services
| Service | Zero Trust Function |
|---|---|
| BeyondCorp Enterprise | Identity-Aware Proxy |
| VPC Service Controls | API-level perimeter |
| Binary Authorization | Container image trust |
| Security Command Center | Cloud posture management |
Maturity Levels
- Traditional: Perimeter-based, VPN-dependent, implicit trust
- Initial: Some identity verification, partial segmentation
- Advanced: Continuous verification, micro-segmentation, encrypted everywhere
External References
- NIST SP 800-207: https://csrc.nist.gov/pubs/sp/800/207/final
- Google BeyondCorp: https://cloud.google.com/beyondcorp
- AWS Verified Access: https://docs.aws.amazon.com/verified-access/
- Azure Zero Trust: https://learn.microsoft.com/en-us/security/zero-trust/
- CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model