mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.8 KiB
1.8 KiB
Full-Scope Red Team Engagement — API Reference
Libraries
| Library | Install | Purpose |
|---|---|---|
| attackcti | pip install attackcti |
MITRE ATT&CK STIX/TAXII client for technique enumeration |
| impacket | pip install impacket |
AD attack tools (secretsdump, psexec, wmiexec) |
| requests | pip install requests |
HTTP client for C2 API integration |
Key attackcti Methods
| Method | Description |
|---|---|
attack_client() |
Initialize MITRE ATT&CK client |
client.get_enterprise_techniques() |
List all Enterprise techniques |
client.get_enterprise_mitigations() |
List mitigations |
client.get_groups() |
List threat actor groups |
client.get_software() |
List tools and malware |
Engagement Phases (PTES Framework)
| Phase | Duration | Key Activities |
|---|---|---|
| Pre-engagement | 1-2 weeks | Scoping, RoE, legal agreements |
| Reconnaissance | 3-5 days | OSINT, footprinting, enumeration |
| Initial Access | 5-7 days | Phishing, exploits, physical |
| Post-exploitation | 5-7 days | Lateral movement, persistence, privilege escalation |
| Objective | 2-3 days | Crown jewel access, exfiltration simulation |
| Reporting | 3-5 days | Findings, remediation, executive brief |
C2 Frameworks
| Framework | Type | Protocol |
|---|---|---|
| Cobalt Strike | Commercial | HTTPS, DNS, SMB |
| Sliver | Open source | mTLS, HTTPS, DNS, WireGuard |
| Mythic | Open source | HTTP, websocket, custom |