Skip to content

v1.3.0

Latest
Latest

Choose a tag to compare

View all tags
@mukul975 mukul975 released this 22 Jun 17:11
· 1 commit to main since this release
v1.3.0
101ca0b

v1.3.0

This release grows the library from 762 to 817 skills, adds a sixth framework (MITRE F3), and fixes the plugin version that installs were reporting as 1.0.

55 new skills

Built around the fastest-growing attack and skills areas from the 2025-2026 ISC2, WEF, CrowdStrike, and Mandiant reports. Three new domains, plus depth in six existing ones.

New domains:

  • AI Security (12 skills) covers LLM red-teaming with garak and PyRIT, direct and indirect prompt injection, RAG poisoning, MCP tool-poisoning, agentic tool-invocation controls, and runtime guardrails.
  • Supply Chain Security (5 skills) covers SBOM generation, dependency confusion, malicious npm package triage, typosquatting detection, and SLSA/Sigstore provenance.
  • Hardware and Firmware Security (4 skills) covers CHIPSEC UEFI audits, Secure Boot bypass detection, TPM measured-boot attestation, and bootkit hunting in the EFI System Partition.

Expanded coverage:

  • Identity: 10 skills on Entra ID and ADCS attacks (ROADtools, GraphRunner, AADInternals, Certipy, BloodHound CE, device-code phishing) since stolen credentials and valid-account abuse now lead initial access.
  • Cloud-native: 8 skills (Stratus Red Team, Pacu, CloudFox, container escape, Kubernetes RBAC, Falco, Trivy, kube-bench).
  • Offensive C2 and lateral movement: 6 skills (Sliver, Havoc, NetExec, DPAPI, NTLM relay to ESC8, redirector infrastructure).
  • DFIR: 6 skills (Hayabusa, Chainsaw, KAPE, Velociraptor, Eric Zimmerman tools, Plaso).
  • Backfill for thin domains: OpenCTI, MISP, honeytokens, and post-quantum cryptography migration.

Every skill ships with the full folder layout (SKILL.md, references, runnable scripts/agent.py, LICENSE), real tool commands sourced from each project's docs, and ATT&CK or ATLAS plus NIST CSF mappings.

MITRE Fight Fraud Framework (F3 v1.1)

All 94 fraud-relevant skills now carry an mitre_f3 frontmatter block alongside mitre_attack. F3 adds two tactics that ATT&CK does not have, Positioning and Monetization, so a single skill can trace a cyber intrusion through to the financial loss it causes. Every F3 technique ID was checked against the upstream STIX bundle. This makes F3 the sixth mapped framework after ATT&CK, NIST CSF 2.0, ATLAS, D3FEND, and NIST AI RMF.

MITRE ATT&CK v19.1

All skills were revalidated against ATT&CK v19.1 using the official mitreattack-python library. Revoked and restructured IDs were remapped (the T1562 Impair Defenses family and T1070.001 moved to the new T1685 family), and v19's tactic split (Defense Evasion into Stealth and Defense Impairment) is reflected in the README.

Fixes and automation

  • plugin.json was stuck at version 1.0.0, so installs showed 1.0 everywhere. It now tracks the release version.
  • The skill count syncs into the README, marketplace.json, and plugin.json automatically on every skills change, so the number stays correct without manual edits.
  • Releases now bump plugin.json as well as marketplace.json.

Full diff: v1.2.0...v1.3.0

Assets 2
Loading