Implements security chaos engineering experiments using boto3 and subprocess to disrupt AWS controls like WAF bypass, firewall deletions, CloudTrail disable, and EDR tests. Verifies SOC detection coverage and resilience.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
Design and run security chaos experiments that deliberately break security controls in order to verify that detection, alerting, and response systems actually work.
Implements AWS security chaos experiments with boto3 to disable controls like firewalls, logs, EDR and verify SOC detection. For testing resilience in lab environments.
Implements security chaos engineering experiments using boto3 and subprocess to test WAF bypass, firewall removal, log disruption, and EDR disablement for SOC detection validation.
Guides deployment and operation of Amazon GuardDuty for continuous AWS threat detection on S3, EKS, EC2 runtime monitoring, and Lambda. Covers finding severity interpretation and EventBridge/Lambda response automation.
# Example: verify detection when a security group is opened up
import boto3

ec2 = boto3.client("ec2")

# Chaos experiment: temporarily add a 0.0.0.0/0 rule
ec2.authorize_security_group_ingress(
    GroupId="sg-12345",
    IpProtocol="tcp", FromPort=22, ToPort=22,
    CidrIp="0.0.0.0/0",
)
# Verify: does the GuardDuty/Config alert fire within the SLA?
# Rollback: delete the rule after verification
ec2.revoke_security_group_ingress(
    GroupId="sg-12345",
    IpProtocol="tcp", FromPort=22, ToPort=22,
    CidrIp="0.0.0.0/0",
)
Key experiments:

# Rollback-safe runner for a security experiment
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
    """Apply the disruption, check for detection within `timeout`, and
    always roll back, even if setup or verification raises."""
    try:
        setup_fn()
        result = verify_fn(timeout)
    finally:
        rollback_fn()
    return result
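A self-contained version of the setup/verify/rollback pattern above, added here as an example rather than code from the skill itself: it polls a detection source until the SLA expires, always rolls back, and reports whether the alert fired and how long it took. The AWS client, clock and finding source are constructed fakes (FakeClock, FakeFindings, and a plain set standing in for the security group's rule table), so it runs offline; in a lab account the two lambdas would wrap the boto3 calls from the snippet above.

```python
import time
from collections import namedtuple

# detected: a finding appeared before the SLA expired; latency_s: seconds from
# setup to detection (or to timeout); rolled_back: the rollback step ran.
ExperimentResult = namedtuple("ExperimentResult", "detected latency_s rolled_back")

def run_experiment(setup_fn, poll_fn, rollback_fn, timeout_s=300, interval_s=30,
                   clock=time.monotonic, sleep=time.sleep):
    """Break the control, poll the detection source until the SLA runs out,
    then roll back whatever happened (even if setup or polling raised)."""
    started = clock()
    detected = rolled_back = False
    try:
        setup_fn()
        while clock() - started < timeout_s:
            if poll_fn():
                detected = True
                break
            sleep(interval_s)
    finally:
        rollback_fn()
        rolled_back = True
    return ExperimentResult(detected, clock() - started, rolled_back)

class FakeClock:
    """Constructed clock: the run is instant and the latency is deterministic."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

class FakeFindings:
    """Constructed detection source: a finding shows up on the Nth poll (0 = never)."""
    def __init__(self, polls_until_finding):
        self.polls, self.polls_until_finding = 0, polls_until_finding
    def has_finding(self):
        self.polls += 1
        return 0 < self.polls_until_finding <= self.polls

def ssh_exposure_experiment(ingress, findings, clock, timeout_s=300, interval_s=30):
    """The page's experiment against a constructed rule set standing in for the
    security group: open tcp/22 to the world, await the alert, close it again."""
    rule = ("tcp", 22, "0.0.0.0/0")
    return run_experiment(lambda: ingress.add(rule), findings.has_finding,
                          lambda: ingress.discard(rule), timeout_s, interval_s,
                          clock, clock.sleep)
```

A result with `detected=False` and `latency_s` equal to the timeout is the interesting outcome: the control was broken for the whole SLA window and nothing noticed.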