Implements runtime security monitoring for EC2/GCE instances using boto3 and google-cloud APIs. Detects crypto miners, reverse shells, unauthorized binaries; checks file integrity and network connections. For cloud workload protection.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
Monitors cloud workloads for runtime threats by inspecting process lists, network connections, file integrity, and resource-utilization anomalies.
import boto3

ssm = boto3.client("ssm")

# Run a command on the EC2 instance to look for known miner process names.
# The trailing `grep -v grep` drops the grep process itself, which would otherwise match its own pattern.
response = ssm.send_command(
    InstanceIds=["i-1234567890abcdef0"],
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight' | grep -v grep"]},
)
Key protection areas:
# Check for unauthorized outbound connections.
# `ss -l` lists only listening sockets, so grepping it for ESTABLISHED never matched anything;
# ss reports established TCP sockets as ESTAB, so filter the non-listening socket list for that.
instances = ["i-1234567890abcdef0"]  # instance IDs to check
ssm.send_command(
    InstanceIds=instances,
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ss -tnp | grep ESTAB"]},
)
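The two SSM commands above only collect raw `ps aux` and `ss -tnp` text; turning that text into findings is left to the operator. The parsers below are an added example, not code from the skill, and assume the output was fetched with `ssm.get_command_invocation(...)["StandardOutputContent"]`; the allow-listed ports (22, 443) and the sample listings are constructed for the example.

```python
import re
from typing import Dict, List

# Binary names taken from the page's ps check; extend for your own fleet.
MINER_PATTERN = re.compile(r"\b(xmrig|minerd|cryptonight)\b", re.I)

def find_miner_processes(ps_output: str) -> List[Dict[str, str]]:
    """Processes in `ps aux` output matching MINER_PATTERN, skipping the grep itself."""
    hits = []
    for line in ps_output.splitlines()[1:]:      # line 0 is the ps header
        parts = line.split(None, 10)             # keep COMMAND (may contain spaces) whole
        if len(parts) == 11 and not parts[10].startswith("grep") and MINER_PATTERN.search(parts[10]):
            hits.append({"user": parts[0], "pid": parts[1], "cmd": parts[10]})
    return hits

def port_of(addr: str) -> int:
    """Port of "10.0.1.5:443" or "[2001:db8::10]:443"; -1 for wildcard "*"."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else -1

def find_unexpected_connections(ss_output: str, allowed_ports=(22, 443)) -> List[Dict[str, str]]:
    """ESTAB sockets in `ss -tnp` output where neither endpoint uses an allow-listed port.
    Outbound miner traffic shows as an odd peer port (pools often use 3333); inbound
    admin sessions are excused by their local port (22)."""
    allowed = set(allowed_ports)
    findings = []
    for line in ss_output.splitlines()[1:]:      # line 0 is the ss header
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue
        local, peer = parts[3], parts[4]
        if port_of(local) not in allowed and port_of(peer) not in allowed:
            findings.append({"local": local, "peer": peer, "process": parts[5] if len(parts) > 5 else ""})
    return findings

# Constructed sample output, shaped like StandardOutputContent from get_command_invocation.
SAMPLE_PS = """USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 169000 9000 ? Ss 10:00 0:01 /sbin/init
nobody 4242 98.7 2.0 500000 80000 ? Sl 10:05 12:30 /tmp/.x/xmrig -o pool.invalid:3333
ec2-user 5001 0.0 0.0 9000 1000 pts/0 S+ 10:10 0:00 grep -E xmrig|minerd|cryptonight"""

SAMPLE_SS = """State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.1.5:45678 203.0.113.9:3333 users:(("xmrig",pid=4242,fd=5))
ESTAB 0 0 10.0.1.5:22 198.51.100.7:51000 users:(("sshd",pid=900,fd=4))
ESTAB 0 0 10.0.1.5:38000 [2001:db8::10]:443 users:(("curl",pid=600,fd=3))"""

if __name__ == "__main__":
    print(find_miner_processes(SAMPLE_PS))         # one hit: pid 4242 running xmrig
    print(find_unexpected_connections(SAMPLE_SS))  # one finding: peer 203.0.113.9:3333
```

Correlating the two results (the flagged socket belongs to the flagged pid) is what turns a single noisy signal into a confident cryptomining finding.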