<< All versions
Skill v1.0.1
currentAutomated scan100/100mukul975/anthropic-cybersecurity-skills/implementing-cloud-workload-protection
+3 new
──Details
PublishedJune 8, 2026 at 04:27 PM
Content Hashsha256:2e38f1d70a3aba4e...
Git SHA04450304b126
Bump Typepatch
──Files
Files (1 file, 2.3 KB)
SKILL.md2.3 KBactive
SKILL.md · 85 lines · 2.3 KB
name: implementing-cloud-workload-protection description: 'Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads.
' domain: cybersecurity subdomain: cloud-security tags:
- cloud-security
- cwpp
- workload-protection
- boto3
- runtime-security
- process-anomaly-detection
version: '1.0' author: mahipal license: Apache-2.0 nist_csf:
- PR.IR-01
- ID.AM-08
- GV.SC-06
- DE.CM-01
mitre_attack:
- T1078.004
- T1530
- T1537
- T1580
- T1071
Implementing Cloud Workload Protection
When to Use
- When deploying or configuring implementing cloud workload protection capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with cloud security concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.
python
import boto3ssm = boto3.client("ssm")# Run command on EC2 instances to check for suspicious processesresponse = ssm.send_command(InstanceIds=["i-1234567890abcdef0"],DocumentName="AWS-RunShellScript",Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]},)
Key protection areas:
- Process monitoring for cryptominers and reverse shells
- File integrity monitoring on critical system files
- Network connection auditing for C2 callbacks
- Resource utilization anomaly detection (CPU spikes)
- Unauthorized binary detection via hash comparison
Examples
python
# Check for unauthorized outbound connectionsssm.send_command(InstanceIds=instances,DocumentName="AWS-RunShellScript",Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]},)