From cybersec-toolkit
Runs security chaos experiments that disable or degrade controls (WAF, firewall, logs, EDR) to validate SOC detection and response. Uses boto3 and subprocess for safe, rollback-enabled testing.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:implementing-security-chaos-engineeringThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When deploying or configuring implementing security chaos engineering capabilities in your environment
Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly.
# Example: Verify detection when a security group is opened
import boto3
ec2 = boto3.client("ec2")
# Chaos experiment: temporarily add 0.0.0.0/0 rule
ec2.authorize_security_group_ingress(
GroupId="sg-12345",
IpProtocol="tcp", FromPort=22, ToPort=22,
CidrIp="0.0.0.0/0",
)
# Verify: does GuardDuty/Config alert fire within SLA?
# Rollback: remove the rule after verification
Key experiments:
# Rollback function for safe experiment execution
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
try:
setup_fn()
result = verify_fn(timeout)
finally:
rollback_fn()
return result
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkitImplements security chaos engineering experiments that disable or degrade security controls (WAF, firewall, EDR, CloudTrail) to validate detection and response capabilities using AWS (boto3).
Implements security chaos engineering experiments using boto3 and subprocess to test WAF bypass, firewall removal, log disruption, and EDR disablement for SOC detection validation.
Implements security chaos engineering experiments using boto3 and subprocess to disrupt AWS controls like WAF bypass, firewall deletions, CloudTrail disable, and EDR tests. Verifies SOC detection coverage and resilience.