creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 19:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
fd0f0e702a404e96fdf85b37864a7f68bf0bca46
Anthropic-Cybersecurity-Skills/skills/implementing-security-chaos-engineering/SKILL.md
T
mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1 
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
2026-06-01 12:13:29 +02:00

2.5 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_ai_rmf, atlas_techniques, nist_csf, mitre_attack
name description domain subdomain tags version author license nist_ai_rmf atlas_techniques nist_csf mitre_attack
implementing-security-chaos-engineering Implements security chaos engineering experiments that deliberately disable or degrade security controls to verify detection and response capabilities. Tests WAF bypass, firewall rule removal, log pipeline disruption, and EDR disablement scenarios using boto3 and subprocess. Use when validating SOC detection coverage and resilience. cybersecurity security-operations
security-chaos-engineering
detection-validation
resilience-testing
control-validation
security-operations
1.0 mahipal Apache-2.0
MEASURE-2.7
MAP-5.1
MANAGE-2.4
AML.T0070
AML.T0066
AML.T0082
DE.CM-01
RS.MA-01
GV.OV-01
DE.AE-02
T1078
T1190
T1059
T1027
T1070

Implementing Security Chaos Engineering

When to Use

  • When deploying or configuring implementing security chaos engineering capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with security operations concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Instructions

Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly.

# Example: Verify detection when a security group is opened
import boto3
ec2 = boto3.client("ec2")

# Chaos experiment: temporarily add 0.0.0.0/0 rule
ec2.authorize_security_group_ingress(
    GroupId="sg-12345",
    IpProtocol="tcp", FromPort=22, ToPort=22,
    CidrIp="0.0.0.0/0",
)
# Verify: does GuardDuty/Config alert fire within SLA?
# Rollback: remove the rule after verification

Key experiments:

  1. Open a security group and verify Config Rule alerts
  2. Disable CloudTrail and verify detection time
  3. Create IAM admin user and verify alert triggers
  4. Simulate log pipeline failure and check monitoring gaps
  5. Deploy test malware hash and verify EDR response

Examples

# Rollback function for safe experiment execution
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
    try:
        setup_fn()
        result = verify_fn(timeout)
    finally:
        rollback_fn()
    return result
Reference in New Issue View Git Blame Copy Permalink