mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
71 lines
2.4 KiB
Markdown
71 lines
2.4 KiB
Markdown
# NetExec (nxc) — API / Command Reference
|
|
|
|
## General Syntax
|
|
|
|
```
|
|
nxc [runtime options] <protocol> <target> [auth] [actions] [-M module] [-o KEY=val]
|
|
```
|
|
|
|
Supported protocols: `smb winrm mssql ldap ssh ftp wmi rdp vnc nfs`.
|
|
|
|
## Authentication Flags
|
|
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `-u USER` | Username (or file of usernames) |
|
|
| `-p PASS` | Password (or file of passwords) |
|
|
| `-H HASH` | NT hash or `LM:NT` for pass-the-hash |
|
|
| `-d DOMAIN` | Target domain |
|
|
| `--local-auth` | Authenticate against the local SAM, not the domain |
|
|
| `-k` / `--use-kcache` | Kerberos auth using ccache (`KRB5CCNAME`) |
|
|
| `--continue-on-success` | Keep testing after a valid login (spraying) |
|
|
| `--no-bruteforce` | Pair user[i] with pass[i] instead of full matrix |
|
|
|
|
## SMB Actions
|
|
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `--shares` | List accessible shares and permissions |
|
|
| `--users` / `--groups` | Enumerate domain users / groups |
|
|
| `--pass-pol` | Dump password / lockout policy |
|
|
| `--rid-brute [N]` | Enumerate accounts by RID cycling |
|
|
| `--loggedon-users` / `--sessions` | Show logged-on users / active sessions |
|
|
| `-x CMD` / `-X PS` | Execute shell / PowerShell command |
|
|
| `--exec-method M` | `smbexec`, `wmiexec`, `atexec`, `mmcexec` |
|
|
| `--sam` / `--lsa` | Dump SAM hashes / LSA secrets |
|
|
| `--ntds [vss\|drsuapi]` | Dump the domain NTDS.dit |
|
|
| `-M MODULE` | Run a module (e.g. `lsassy`, `spider_plus`) |
|
|
|
|
## LDAP Actions
|
|
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `--kerberoasting FILE` | Request and save Kerberoastable hashes |
|
|
| `--asreproast FILE` | Request and save AS-REP roastable hashes |
|
|
| `--bloodhound --collection All` | Collect BloodHound data |
|
|
| `--trusted-for-delegation` | Find delegation-enabled accounts |
|
|
| `-M laps` | Read LAPS passwords |
|
|
|
|
## WinRM / MSSQL Actions
|
|
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `winrm ... -X 'PScmd'` | Execute PowerShell over WinRM (5985/5986) |
|
|
| `mssql ... -q 'SQL'` | Run a SQL query |
|
|
| `mssql ... -x 'cmd'` | Execute OS command via xp_cmdshell |
|
|
|
|
## Modules and Workspace
|
|
|
|
```bash
|
|
nxc smb -L # list SMB modules
|
|
nxc smb -M lsassy --options # show module options
|
|
ls ~/.nxc/workspaces/ # SQLite result store
|
|
nxc smb <t> ... --log out.log # tee output to file
|
|
```
|
|
|
|
## External References
|
|
|
|
- NetExec Wiki: https://www.netexec.wiki/
|
|
- SMB protocol docs: https://www.netexec.wiki/smb-protocol/authentication
|
|
- Module list: https://www.netexec.wiki/
|