login
hyperb1iss

security

by @hyperb1iss in AI & LLM
0
0
# Install this skill:
npx skills add hyperb1iss/hyperskills --skill "security"

Install specific skill from multi-skill repository

# Description

Use this skill when doing security reviews, penetration testing, threat modeling, compliance work, or incident response. Activates on mentions of security audit, vulnerability, penetration test, pentest, OWASP, CVE, security review, threat model, zero trust, SOC 2, HIPAA, GDPR, compliance, incident response, SBOM, supply chain security, secrets management, or authentication security.

# SKILL.md

name: security
description: Use this skill when doing security reviews, penetration testing, threat modeling, compliance work, or incident response. Activates on mentions of security audit, vulnerability, penetration test, pentest, OWASP, CVE, security review, threat model, zero trust, SOC 2, HIPAA, GDPR, compliance, incident response, SBOM, supply chain security, secrets management, or authentication security.

Security Operations

Secure systems from design through deployment and incident response.

Quick Reference

Security Architecture Principles

Zero Trust Model:

  1. Never trust, always verify
  2. Assume breach
  3. Verify explicitly
  4. Least privilege access
  5. Micro-segmentation

SLSA Framework (Supply Chain):

  • Level 1: Documentation
  • Level 2: Hosted build, signed provenance
  • Level 3: Hardened builds, 2-person review
  • Level 4: Hermetic, reproducible builds

Threat Modeling (STRIDE)

Threat Example Mitigation
Spoofing Fake identity Strong auth, MFA
Tampering Modified data Integrity checks, signing
Repudiation Deny actions Audit logs, non-repudiation
Information Disclosure Data leak Encryption, access control
Denial of Service Overload Rate limiting, scaling
Elevation of Privilege Unauthorized access Least privilege, RBAC

Code Security Review Checklist

## OWASP Top 10 (2021)

- [ ] A01: Broken Access Control
- [ ] A02: Cryptographic Failures
- [ ] A03: Injection (SQL, NoSQL, OS, LDAP)
- [ ] A04: Insecure Design
- [ ] A05: Security Misconfiguration
- [ ] A06: Vulnerable Components
- [ ] A07: Auth Failures
- [ ] A08: Software/Data Integrity Failures
- [ ] A09: Logging/Monitoring Failures
- [ ] A10: SSRF

Secrets Management

Never commit secrets. Use environment-based injection:

# Kubernetes External Secrets
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: api-keys
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: api-keys
  data:
    - secretKey: OPENAI_API_KEY
      remoteRef:
        key: secret/data/api-keys
        property: openai

SBOM Generation

# Generate SBOM with Syft
syft packages dir:. -o spdx-json > sbom.spdx.json

# Scan for vulnerabilities with Grype
grype sbom:sbom.spdx.json --fail-on high

Container Security

# Secure Dockerfile patterns
FROM cgr.dev/chainguard/node:latest AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

FROM cgr.dev/chainguard/node:latest
WORKDIR /app
COPY --from=build /app/node_modules ./node_modules
COPY . .
USER nonroot
CMD ["node", "server.js"]

Scan images:

trivy image myapp:latest --severity HIGH,CRITICAL

Runtime Security (eBPF)

Tetragon for kernel-level enforcement:

apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: sensitive-file-access
spec:
  kprobes:
    - call: "fd_install"
      selectors:
        - matchArgs:
            - index: 1
              operator: "Prefix"
              values: ["/etc/shadow", "/etc/passwd"]
      action: NotifyEnforcer

Falco for threat detection:

- rule: Shell Spawned in Container
  desc: Detect shell spawned in a container
  condition: >
    spawned_process and container and
    proc.name in (shell_binaries)
  output: >
    Shell spawned in container
    (user=%user.name container=%container.name shell=%proc.name)
  priority: WARNING

Compliance Automation

Vanta/Drata Integration:

  • Continuous monitoring of 35+ frameworks
  • Automated evidence collection
  • Risk flagging and remediation tracking

Key Frameworks:

  • SOC 2 Type II
  • ISO 27001
  • HIPAA
  • GDPR
  • PCI DSS

Incident Response Playbook

## Phase 1: Detection & Analysis (MTTD < 5 min)

1. Alert triggered β†’ Acknowledge in SOAR
2. Gather initial IOCs (IPs, hashes, usernames)
3. Determine scope and severity
4. Escalate if P1/P2

## Phase 2: Containment (MTTR < 1 hour)

1. Isolate affected systems
2. Block malicious IPs/domains
3. Disable compromised accounts
4. Preserve evidence (disk images, logs)

## Phase 3: Eradication

1. Remove malware/backdoors
2. Patch vulnerabilities
3. Reset credentials
4. Verify clean state

## Phase 4: Recovery

1. Restore from clean backups
2. Monitor for re-infection
3. Gradual service restoration
4. Validate functionality

## Phase 5: Lessons Learned

1. Timeline reconstruction
2. Root cause analysis
3. Update playbooks
4. Security improvements

Penetration Testing Checklist

## Reconnaissance

- [ ] DNS enumeration
- [ ] Subdomain discovery
- [ ] Port scanning
- [ ] Service fingerprinting

## Web Application

- [ ] Authentication bypass
- [ ] Session management
- [ ] Input validation
- [ ] Access control
- [ ] Business logic

## Infrastructure

- [ ] Network segmentation
- [ ] Privilege escalation
- [ ] Lateral movement
- [ ] Data exfiltration paths

Agents

  • security-architect - Threat modeling, secure design, compliance
  • incident-responder - Incident handling, forensics, recovery

Deep Dives

Examples

# Related Skills

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚑ Amp πŸš€ Antigravity πŸ€– Claude Code πŸ¦€ Clawdbot πŸ“ Codex ▢️ Cursor πŸ€– Droid πŸ’Ž Gemini CLI πŸ™ GitHub Copilot πŸͺΏ Goose πŸ“Š Kilo Code πŸ”§ Kiro CLI πŸ’» OpenCode 🦘 Roo Code 🌲 Trae πŸ„ Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.