killvxk/analyzing-threat-actor-ttps-with-mitre-navigator
skills/analyzing-threat-actor-ttps-with-mitre-navigator/SKILL.md
使用 ATT&CK Navigator 和 attackcti Python 库将高级持续性威胁(APT)组织的战术、技术和过程(TTP)映射到 MITRE ATT&CK 框架。分析人员查询 STIX/TAXII 数据以获取组织-技术关联,生成 Navigator 层文件进行可视化,并将防御覆盖与对手画像进行对比。
$ install --global
skillsauthnpx skillsauth add killvxk/cybersecurity-skills-zh analyzing-threat-actor-ttps-with-mitre-navigatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:24 AM26.0s3 files scanned
SKILL.md
- name:
- analyzing-threat-actor-ttps-with-mitre-navigator
- description:
- >
- domain:
- cybersecurity
- subdomain:
- threat-intelligence
- tags:
- [mitre-attack, navigator, threat-intelligence, apt, ttp-mapping, stix, attackcti]
- version:
- 1.0
- author:
- mahipal
- license:
- Apache-2.0
使用 MITRE Navigator 分析威胁行为者 TTP
概述
MITRE ATT&CK Navigator 是一款用于标注和可视化 ATT&CK 矩阵的 Web 应用。结合 attackcti Python 库(通过 TAXII 查询 ATT&CK STIX 数据),分析人员可以以编程方式生成 Navigator 层文件,映射特定威胁组织的 TTP,比较多个组织,并评估针对已知对手的检测覆盖差距。
前置条件
- Python 3.8+,安装 attackcti 和 stix2 库
- MITRE ATT&CK Navigator(Web UI 或本地实例)
- 了解 STIX 2.1 对象和关系
步骤
- 使用 attackcti 查询目标威胁组织的 ATT&CK STIX 数据
- 通过 STIX 关系提取与组织关联的技术
- 生成带技术标注的 ATT&CK Navigator 层 JSON
- 叠加检测覆盖以识别差距
- 导出层文件供团队审查和防御规划
预期输出
{
"name": "APT29 TTPs",
"domain": "enterprise-attack",
"techniques": [
{"techniqueID": "T1566.001", "score": 1, "comment": "Spearphishing Attachment"},
{"techniqueID": "T1059.001", "score": 1, "comment": "PowerShell"}
]
}
Related Skills
killvxk/conducting-social-engineering-penetration-test
testing
VerifiedTrustedCommunity
设计并执行社会工程学渗透测试,包括钓鱼、语音钓鱼、短信钓鱼和物理借口活动,以衡量人员安全韧性并识别培训差距。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-post-incident-lessons-learned
testing
VerifiedTrustedCommunity
主持结构化的事件后审查,以识别根本原因、记录有效和无效的措施,并提出可操作的改进建议以提升未来的事件响应能力。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-phishing-incident-response
testing
VerifiedTrustedCommunity
通过分析举报的邮件、提取指标、评估凭据受攻陷情况、在全组织范围隔离恶意邮件并修复受影响账号来响应网络钓鱼事件。涵盖邮件头分析、URL/附件沙箱检测和邮箱范围清除操作。适用于网络钓鱼响应、邮件事件、凭据钓鱼、鱼叉式网络钓鱼调查或钓鱼修复相关请求。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-pass-the-ticket-attack
tools
VerifiedTrustedCommunity
票据传递(Pass-the-Ticket,PtT)是一种横向移动技术,使用窃取的 Kerberos 票据(TGT 或 TGS)在不知道用户密码的情况下向服务进行认证。通过从已控制的主机内存中提取 Kerberos 票据,攻击者可以将这些票据注入自己的会话以模拟票据所有者。
10SKILL.mdUpdated Apr 29, 2026