creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-16 16:03:17 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-service-account-audit/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

56 lines
2.2 KiB
Markdown
Raw Blame History

# API Reference: Service Account Audit
## Active Directory PowerShell Cmdlets
| Cmdlet | Description |
|--------|-------------|
| `Get-ADUser -Filter {ServicePrincipalName -ne '$null'}` | Find accounts with SPNs |
| `Get-ADServiceAccount -Filter *` | List managed service accounts |
| `Get-ADGroupMember -Identity "Domain Admins"` | List privileged group members |
| `Search-ADAccount -PasswordNeverExpires` | Find non-expiring passwords |
| `Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00` | Find inactive accounts |
## AWS IAM CLI Commands
| Command | Description |
|---------|-------------|
| `aws iam list-users` | List all IAM users |
| `aws iam list-access-keys --user-name <name>` | List access keys for user |
| `aws iam get-access-key-last-used --access-key-id <id>` | Check key last used date |
| `aws iam list-user-policies --user-name <name>` | List inline policies |
| `aws iam list-attached-user-policies --user-name <name>` | List managed policies |
| `aws iam generate-credential-report` | Generate credential report |
## Azure CLI Commands
| Command | Description |
|---------|-------------|
| `az ad sp list --all` | List all service principals |
| `az ad app list --all` | List all app registrations |
| `az ad app credential list --id <app-id>` | List credential expiration |
## Risk Classification
| Level | Score Range | Criteria |
|-------|------------|----------|
| Critical | >= 40 | Domain admin + stale password + no owner |
| High | 25-39 | Privileged group membership or orphaned |
| Medium | 10-24 | Password age exceeded or PasswordNeverExpires |
| Low | 0-9 | Standard permissions, managed credentials |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `subprocess` | stdlib | Execute PowerShell and AWS CLI commands |
| `json` | stdlib | Parse CLI output |
| `ldap3` | >=2.9 | Direct LDAP queries to Active Directory |
| `boto3` | >=1.26 | AWS IAM programmatic access |
## References
- NIST SP 800-53 AC-2: Account Management
- CIS Benchmark for Active Directory
- AWS IAM Best Practices: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
- Microsoft gMSA: https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview
Reference in New Issue View Git Blame Copy Permalink