Anthropic-Cybersecurity-Skills/skills/performing-ransomware-response/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


# API Reference: Ransomware Response
## Ransomware Identification Services
| Service | URL | Purpose |
|---------|-----|---------|
| ID Ransomware | https://id-ransomware.malwarehunterteam.com/ | Upload ransom note or sample for identification |
| NoMoreRansom | https://www.nomoreransom.org/en/decryption-tools.html | Free decryption tools |
| CISA StopRansomware | https://www.cisa.gov/stopransomware | Federal guidance and resources |
## OFAC Sanctions Screening
| Resource | URL | Purpose |
|----------|-----|---------|
| OFAC SDN List | https://sanctionssearch.ofac.treas.gov/ | Check if ransomware group is sanctioned |
| OFAC Advisory | https://home.treasury.gov/policy-issues/financial-sanctions | Ransomware payment guidance |
## Key Containment Commands
| Action | Command | Description |
|--------|---------|-------------|
| Block SMB | `netsh advfirewall firewall add rule name="Block SMB" dir=in action=block protocol=TCP localport=445` | Block lateral movement |
| Block RDP | `netsh advfirewall firewall add rule name="Block RDP" dir=in action=block protocol=TCP localport=3389` | Block inbound Remote Desktop connections |
| Disable account | `Disable-ADAccount -Identity <username>` | Disable compromised AD account |
## Recovery Validation
| Check | Command | Description |
|-------|---------|-------------|
| Backup integrity | `veeamcli verify` | Verify the backup set is intact and was not itself encrypted |
| Password reset | `Set-ADAccountPassword` | Reset domain account passwords (one account per call) |
| DC health | `dcdiag /v` | Validate rebuilt domain controller |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `requests` | >=2.28 | Query ransomware identification APIs |
| `hashlib` | stdlib | Hash encrypted file samples |
| `json` | stdlib | Incident tracking and reporting |
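The table above pairs `hashlib` with hashing encrypted samples and `json` with incident tracking. The following is an added example of that workflow, not code from this repository: it hashes every file in a triage directory, separates ransom notes from encrypted samples by filename, and emits a JSON incident record. The sample files, the `.locked` extension, the note filename hints and the incident id are all constructed placeholders.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample data: what a responder might collect from one host.
# The extension and note names are illustrative, not real indicators.
SAMPLE_FILES = {
    "report.docx.locked": b"\x00constructed-encrypted-blob-1",
    "budget.xlsx.locked": b"\x00constructed-encrypted-blob-2",
    "README_RECOVER.txt": b"Constructed ransom-note text for triage testing.",
}
NOTE_NAME_HINTS = ("recover", "readme", "decrypt", "how_to")  # assumed hints

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large samples never load fully into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_incident_record(root: Path, incident_id: str) -> dict:
    """Hash every file under root and split ransom notes from encrypted samples."""
    record = {"incident_id": incident_id, "samples": [], "ransom_notes": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        entry = {"name": path.name, "size": path.stat().st_size,
                 "sha256": sha256_file(path)}
        if any(hint in path.name.lower() for hint in NOTE_NAME_HINTS):
            # Keep a short preview of the note for ID Ransomware submission.
            entry["preview"] = path.read_bytes()[:200].decode("utf-8", "replace")
            record["ransom_notes"].append(entry)
        else:
            entry["suffix"] = path.suffix  # the appended ransomware extension
            record["samples"].append(entry)
    return record

def to_json(record: dict) -> str:
    """Serialise the record deterministically for the incident tracker."""
    return json.dumps(record, indent=2, sort_keys=True)

def write_sample_dir() -> Path:
    """Create a temp directory holding the constructed sample files."""
    d = Path(tempfile.mkdtemp(prefix="ransom-triage-"))
    for name, data in SAMPLE_FILES.items():
        (d / name).write_bytes(data)
    return d

if __name__ == "__main__":
    print(to_json(build_incident_record(write_sample_dir(), "INC-PLACEHOLDER-001")))
```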
## References
- CISA Ransomware Guide: https://www.cisa.gov/stopransomware/ransomware-guide
- NIST SP 1800-26: https://www.nccoe.nist.gov/data-integrity-recovering-ransomware
- NoMoreRansom: https://www.nomoreransom.org/
- Veeam recovery: https://www.veeam.com/ransomware-recovery.html