@blamejs/exceptd-skills 0.12.28 → 0.12.30

package/data/d3fend-catalog.json

@@ -28,7 +28,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "D3-EAL": {
     "id": "D3-EAL",
@@ -49,8 +50,13 @@
       "Executable Script"
     ],
     "skills_referencing": [
+      "attack-surface-pentest",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "fuzz-testing-strategy",
       "kernel-lpe-triage",
-      "mcp-agent-trust"
+      "mcp-agent-trust",
+      "supply-chain-integrity"
     ],
     "implementation_examples": [
       "AppLocker (Windows)",
@@ -89,8 +95,9 @@
       "File Hash"
     ],
     "skills_referencing": [
+      "defensive-countermeasure-mapping",
       "mcp-agent-trust",
-      "kernel-lpe-triage"
+      "supply-chain-integrity"
     ],
     "implementation_examples": [
       "WDAC hash rules",
@@ -124,6 +131,8 @@
       "Process Segment"
     ],
     "skills_referencing": [
+      "defensive-countermeasure-mapping",
+      "fuzz-testing-strategy",
       "kernel-lpe-triage"
     ],
     "implementation_examples": [
@@ -156,6 +165,7 @@
       "Process Segment"
     ],
     "skills_referencing": [
+      "defensive-countermeasure-mapping",
       "kernel-lpe-triage"
     ],
     "implementation_examples": [
@@ -188,8 +198,7 @@
       "System Call"
     ],
     "skills_referencing": [
-      "kernel-lpe-triage",
-      "mcp-agent-trust"
+      "defensive-countermeasure-mapping"
     ],
     "implementation_examples": [
       "seccomp-bpf profiles (Docker default, gVisor)",
@@ -223,6 +232,7 @@
       "Hardware Performance Counter"
     ],
     "skills_referencing": [
+      "defensive-countermeasure-mapping",
       "kernel-lpe-triage"
     ],
     "implementation_examples": [
@@ -256,8 +266,8 @@
       "Message"
     ],
     "skills_referencing": [
-      "pqc-first",
-      "mcp-agent-trust"
+      "defensive-countermeasure-mapping",
+      "pqc-first"
     ],
     "implementation_examples": [
       "TLS 1.3 with hybrid X25519MLKEM768 key exchange (RFC 9794-class drafts)",
@@ -291,6 +301,7 @@
       "Encrypted File"
     ],
     "skills_referencing": [
+      "defensive-countermeasure-mapping",
       "pqc-first"
     ],
     "implementation_examples": [
@@ -326,8 +337,11 @@
       "Authentication Service"
     ],
     "skills_referencing": [
+      "cloud-iam-incident",
+      "defensive-countermeasure-mapping",
+      "idp-incident-response",
       "mcp-agent-trust",
-      "pqc-first"
+      "supply-chain-integrity"
     ],
     "implementation_examples": [
       "mTLS for service-to-service auth",
@@ -362,6 +376,9 @@
       "Authentication Service"
     ],
     "skills_referencing": [
+      "cloud-iam-incident",
+      "defensive-countermeasure-mapping",
+      "idp-incident-response",
       "mcp-agent-trust"
     ],
     "implementation_examples": [
@@ -398,8 +415,8 @@
       "Network Traffic"
     ],
     "skills_referencing": [
-      "mcp-agent-trust",
-      "ai-c2-detection"
+      "ai-c2-detection",
+      "defensive-countermeasure-mapping"
     ],
     "implementation_examples": [
       "Certificate Transparency log monitoring (Sigsum, CT Watch)",
@@ -435,8 +452,8 @@
       "Network Traffic"
     ],
     "skills_referencing": [
-      "mcp-agent-trust",
-      "ai-c2-detection"
+      "ai-c2-detection",
+      "defensive-countermeasure-mapping"
     ],
     "implementation_examples": [
       "Newly Observed Domain (NOD) blocking",
@@ -471,7 +488,16 @@
       "Network Flow"
     ],
     "skills_referencing": [
-      "ai-c2-detection"
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "attack-surface-pentest",
+      "cloud-iam-incident",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "idp-incident-response",
+      "rag-pipeline-security",
+      "ransomware-response",
+      "sector-telecom"
     ],
     "implementation_examples": [
       "Zeek / Suricata flow analysis",
@@ -505,7 +531,10 @@
       "Network Flow"
     ],
     "skills_referencing": [
-      "ai-c2-detection"
+      "ai-c2-detection",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "sector-telecom"
     ],
     "implementation_examples": [
       "Service mesh allow-policies (Istio AuthorizationPolicy, Linkerd)",
@@ -541,7 +570,12 @@
     ],
     "skills_referencing": [
       "ai-c2-detection",
-      "mcp-agent-trust"
+      "attack-surface-pentest",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "mcp-agent-trust",
+      "rag-pipeline-security",
+      "ransomware-response"
     ],
     "implementation_examples": [
       "AI-API request body inspection at egress proxy (CloudFlare AI Gateway, LiteLLM proxy)",
@@ -577,7 +611,15 @@
     ],
     "skills_referencing": [
       "ai-attack-surface",
-      "rag-pipeline-security"
+      "ai-c2-detection",
+      "cloud-iam-incident",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "fuzz-testing-strategy",
+      "idp-incident-response",
+      "rag-pipeline-security",
+      "ransomware-response",
+      "sector-telecom"
     ],
     "implementation_examples": [
       "LLM output classifier for safety-bypass content (Llama Guard, Granite Guardian)",
@@ -611,7 +653,8 @@
       "Process Tree"
     ],
     "skills_referencing": [
-      "ai-c2-detection"
+      "defensive-countermeasure-mapping",
+      "ransomware-response"
     ],
     "implementation_examples": [
       "EDR with process-network correlation (CrowdStrike, SentinelOne, Defender for Endpoint)",
@@ -645,8 +688,7 @@
       "File Access"
     ],
     "skills_referencing": [
-      "kernel-lpe-triage",
-      "mcp-agent-trust"
+      "defensive-countermeasure-mapping"
     ],
     "implementation_examples": [
       "auditd FIM with behavioral rules",
@@ -681,7 +723,8 @@
     ],
     "skills_referencing": [
       "ai-c2-detection",
-      "kernel-lpe-triage"
+      "defensive-countermeasure-mapping",
+      "sector-telecom"
     ],
     "implementation_examples": [
       "VPC egress allowlists with no default internet route",
@@ -717,8 +760,7 @@
       "Process Tree"
     ],
     "skills_referencing": [
-      "kernel-lpe-triage",
-      "mcp-agent-trust"
+      "defensive-countermeasure-mapping"
     ],
     "implementation_examples": [
       "Sysmon process-creation events with parent-child Sigma rules",
@@ -741,16 +783,30 @@
     "tactic": "Evict",
     "subtactic": "Credential Eviction",
     "description": "Forcibly invalidating cached or active authentication artifacts (tokens, session IDs, cached Kerberos tickets, browser SSO cookies) so that a compromised credential cannot be reused after detection. Distinct from credential rotation in that it acts on the live session state, not just the stored material.",
-    "counters_attack_techniques": ["T1078", "T1550", "T1539", "AML.T0055"],
-    "digital_artifacts_addressed": ["Authentication Session", "Access Token", "Browser Session", "Kerberos Ticket"],
-    "skills_referencing": ["cred-stores", "identity-assurance", "incident-response-playbook"],
+    "counters_attack_techniques": [
+      "T1078",
+      "T1550",
+      "T1539",
+      "AML.T0055"
+    ],
+    "digital_artifacts_addressed": [
+      "Authentication Session",
+      "Access Token",
+      "Browser Session",
+      "Kerberos Ticket"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "OAuth refresh-token revocation on detected credential compromise",
       "klist purge + ticket-granting-service revocation on suspicious Kerberos use",
       "Browser-side single-sign-on cookie invalidation pushed via IDP signal",
       "Service-account JWT issuer kid-rotation followed by global verifier refresh"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-IA-5(1)", "NIST-800-53-AC-12", "ISO-27001-2022-A.5.18"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-IA-5(1)",
+      "NIST-800-53-AC-12",
+      "ISO-27001-2022-A.5.18"
+    ],
     "ai_pipeline_applicability": "Applies to AI assistant identities (MCP server tokens, model-provider API keys). For ephemeral AI agents the cache invalidation is per-invocation; for long-lived AI sessions (assistant subscriptions), provider must expose a revoke API the operator can call.",
     "lag_notes": "AC-12 (session termination) speaks to user sessions; service-to-service token invalidation under credential compromise is rarely audited. Operationalization gap: most orgs lack the integration to actively invalidate on detection.",
     "last_verified": "2026-05-13"
@@ -761,16 +817,30 @@
     "tactic": "Detect",
     "subtactic": "Credential Activity Analysis",
     "description": "Recording and analyzing every access to credential stores (cloud secret managers, password vaults, KMS, environment-variable reads on privileged processes) to detect anomalous read patterns indicating credential theft or misuse.",
-    "counters_attack_techniques": ["T1555", "T1552", "T1078", "AML.T0055"],
-    "digital_artifacts_addressed": ["Credential Store Access Log", "Process Environment Variable Access"],
-    "skills_referencing": ["cred-stores", "secrets", "dlp-gap-analysis"],
+    "counters_attack_techniques": [
+      "T1555",
+      "T1552",
+      "T1078",
+      "AML.T0055"
+    ],
+    "digital_artifacts_addressed": [
+      "Credential Store Access Log",
+      "Process Environment Variable Access"
+    ],
+    "skills_referencing": [
+      "cloud-iam-incident"
+    ],
     "implementation_examples": [
       "AWS Secrets Manager + CloudTrail GetSecretValue audit with anomaly baseline per principal",
       "HashiCorp Vault audit log forwarded to SIEM with per-policy read-rate alerting",
       "Linux audit on /proc/<pid>/environ reads outside the owning process",
       "GitHub Actions secret-access audit + repository-event correlation"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-AU-2", "NIST-800-53-AU-12", "ISO-27001-2022-A.8.15"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-AU-2",
+      "NIST-800-53-AU-12",
+      "ISO-27001-2022-A.8.15"
+    ],
     "ai_pipeline_applicability": "Applies wherever AI agents fetch credentials at runtime (MCP server bootstrap, fine-tuning job startup). Serverless equivalent: cloud-provider native secret-fetch audit (Secrets Manager VPC endpoint logs, GCP Secret Manager IAM audit logs).",
     "lag_notes": "AU-2 prescribes audit event categories; framework controls do not require per-secret access baselining. Compliance audits accept 'logging is enabled' without requiring detection rules on read anomalies.",
     "last_verified": "2026-05-13"
@@ -781,16 +851,29 @@
     "tactic": "Harden",
     "subtactic": "Credential Hardening",
     "description": "Increasing the cryptographic and operational strength of credentials at rest and in transit — memory-hard password hashing, hardware-backed key storage, short credential lifetime, mandatory MFA on high-impact identities.",
-    "counters_attack_techniques": ["T1110", "T1555", "T1552"],
-    "digital_artifacts_addressed": ["Password Hash", "Private Key", "API Token", "Session Token"],
-    "skills_referencing": ["crypto-codebase", "identity-assurance", "cred-stores"],
+    "counters_attack_techniques": [
+      "T1110",
+      "T1555",
+      "T1552"
+    ],
+    "digital_artifacts_addressed": [
+      "Password Hash",
+      "Private Key",
+      "API Token",
+      "Session Token"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "Argon2id password hashing with tuned m/t/p",
       "TPM/HSM-backed private keys (Windows Hello for Business, Apple Secure Enclave, AWS CloudHSM)",
       "Short-lived OIDC tokens with mandatory refresh-token rotation",
       "WebAuthn/passkey adoption replacing password authentication"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-IA-5", "NIST-800-53-SC-12", "NIST-SP-800-63B"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-IA-5",
+      "NIST-800-53-SC-12",
+      "NIST-SP-800-63B"
+    ],
     "ai_pipeline_applicability": "Applies to credentials issued to AI agents — model-provider keys should be short-lived and rotated; MCP server tokens should use mTLS or signed JWTs rather than long-lived bearer secrets.",
     "lag_notes": "IA-5 covers authenticator strength categorically; framework audit rarely samples the actual KDF in use. SP 800-63B's 2022 iteration-count update (PBKDF2 ≥ 600,000) lags in many compliance attestations citing the 2017 numbers.",
     "last_verified": "2026-05-13"
@@ -801,9 +884,19 @@
     "tactic": "Isolate",
     "subtactic": "Execution Isolation",
     "description": "Constraining a process so that even successful exploitation cannot reach resources outside the isolation boundary — containers with read-only rootfs, sandboxed renderers, seccomp-restricted syscall sets, namespace-isolated workers, gVisor / Firecracker microVMs.",
-    "counters_attack_techniques": ["T1611", "T1068", "T1055", "T1106"],
-    "digital_artifacts_addressed": ["Process", "Container", "Sandbox", "Namespace"],
-    "skills_referencing": ["container-runtime-security", "hardening"],
+    "counters_attack_techniques": [
+      "T1611",
+      "T1068",
+      "T1055",
+      "T1106"
+    ],
+    "digital_artifacts_addressed": [
+      "Process",
+      "Container",
+      "Sandbox",
+      "Namespace"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "Read-only container rootfs + tmpfs for ephemeral state",
       "seccomp-bpf default-deny syscall profiles per workload",
@@ -811,7 +904,11 @@
       "Firecracker microVMs for multi-tenant SaaS execution",
       "Linux user namespaces dropping CAP_SYS_ADMIN at process start"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-SC-39", "NIST-800-53-AC-4", "ISO-27001-2022-A.8.22"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SC-39",
+      "NIST-800-53-AC-4",
+      "ISO-27001-2022-A.8.22"
+    ],
     "ai_pipeline_applicability": "Critical for AI agent execution: untrusted-code-execution tools (interpreter, code-runner MCP servers) must run in a microVM or gVisor sandbox, not in the host AI's process. Serverless platforms provide this implicitly (Lambda firecracker, Cloud Run gVisor).",
     "lag_notes": "SC-39 covers process isolation conceptually; framework controls do not specify required isolation primitives. 'Containers' alone do not satisfy isolation without read-only rootfs + seccomp + capability dropping — controls rarely audit which container hardening is actually enforced.",
     "last_verified": "2026-05-13"
@@ -822,16 +919,29 @@
     "tactic": "Detect",
     "subtactic": "File Analysis",
     "description": "Inspecting file contents against rule sets (YARA, Sigma, custom regex, ML classifier) to detect malicious patterns, embedded secrets, or unauthorized content classes at rest or at egress.",
-    "counters_attack_techniques": ["T1552.001", "T1552.004", "T1567", "AML.T0055"],
-    "digital_artifacts_addressed": ["File Content", "Source Code", "Configuration File"],
-    "skills_referencing": ["secrets", "dlp-gap-analysis", "cred-stores"],
+    "counters_attack_techniques": [
+      "T1552.001",
+      "T1552.004",
+      "T1567",
+      "AML.T0055"
+    ],
+    "digital_artifacts_addressed": [
+      "File Content",
+      "Source Code",
+      "Configuration File"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "gitleaks / trufflehog pre-commit and CI-time secret scanning",
       "YARA rules on uploaded files at SaaS file-upload boundaries",
       "DLP content-classification on outbound email + cloud-storage uploads",
       "AI prompt-content classification before egress to public LLM endpoints"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-SI-3", "NIST-800-53-SI-4", "ISO-27001-2022-A.8.12"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SI-3",
+      "NIST-800-53-SI-4",
+      "ISO-27001-2022-A.8.12"
+    ],
     "ai_pipeline_applicability": "Critical for AI exfil prevention: prompt content rules block sending sensitive data to public AI endpoints; retrieval-corpus content rules block injection of attacker-controlled documents. For RAG: per-document content classification at ingest.",
     "lag_notes": "SI-3 / SI-4 cover monitoring categorically; rule-set freshness and tuning are operational concerns rarely audited. DLP frameworks lag in covering AI prompts as an egress channel.",
     "last_verified": "2026-05-13"
@@ -842,9 +952,18 @@
     "tactic": "Isolate",
     "subtactic": "Execution Isolation",
     "description": "Using kernel primitives (namespaces, cgroups, seccomp, capabilities, LSMs, eBPF) to enforce isolation boundaries between processes that share the same kernel. Distinct from D3-EI in that the isolation is enforced inside a shared kernel rather than across a hypervisor or microVM boundary.",
-    "counters_attack_techniques": ["T1055", "T1068", "T1611"],
-    "digital_artifacts_addressed": ["Process", "Namespace", "cgroup", "LSM Profile"],
-    "skills_referencing": ["kernel-lpe-triage", "hardening", "container-runtime-security"],
+    "counters_attack_techniques": [
+      "T1055",
+      "T1068",
+      "T1611"
+    ],
+    "digital_artifacts_addressed": [
+      "Process",
+      "Namespace",
+      "cgroup",
+      "LSM Profile"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "SELinux / AppArmor confinement profiles per workload",
       "Linux user namespaces + capability dropping (CAP_SYS_ADMIN removed)",
@@ -852,7 +971,10 @@
       "eBPF LSM hooks for fine-grained policy enforcement",
       "systemd hardening directives (ProtectSystem=strict, RestrictSUIDSGID, NoNewPrivileges)"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-SC-39", "NIST-800-53-AC-6"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SC-39",
+      "NIST-800-53-AC-6"
+    ],
     "ai_pipeline_applicability": "Less applicable on managed serverless (no kernel-tuning surface). Critical on self-managed hosts running MCP servers, AI build agents, training pipelines. Containerized AI runtimes still rely on kernel isolation primitives — a kernel LPE escapes the container.",
     "lag_notes": "SC-39 process isolation is named but not parameterized; framework controls accept 'containers are used' as evidence without auditing the kernel-level confinement layer. KASLR + SMEP + SMAP + KPTI presence is implicit not explicit in any framework control.",
     "last_verified": "2026-05-13"
@@ -863,16 +985,28 @@
     "tactic": "Detect",
     "subtactic": "Process Analysis",
     "description": "Recording and analyzing system calls made by processes to detect malicious behavior — unusual syscall patterns, attempts to disable security mechanisms, kernel exploitation primitives (e.g. unshare(2), ptrace(2) on unrelated PIDs, bpf(2) on unprivileged contexts).",
-    "counters_attack_techniques": ["T1055", "T1068", "T1562", "T1106"],
-    "digital_artifacts_addressed": ["System Call", "Process Behavior"],
-    "skills_referencing": ["runtime", "kernel-lpe-triage"],
+    "counters_attack_techniques": [
+      "T1055",
+      "T1068",
+      "T1562",
+      "T1106"
+    ],
+    "digital_artifacts_addressed": [
+      "System Call",
+      "Process Behavior"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "Linux auditd with syscall rules (ausearch -k privesc)",
       "Falco runtime rules on suspicious syscall sequences",
       "eBPF-based tools (tetragon, tracee) for kernel-level visibility",
       "Sysdig / inspector for container-syscall-anomaly detection"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-SI-4", "NIST-800-53-AU-2", "ISO-27001-2022-A.8.16"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SI-4",
+      "NIST-800-53-AU-2",
+      "ISO-27001-2022-A.8.16"
+    ],
     "ai_pipeline_applicability": "Self-managed AI hosts: standard syscall monitoring applies. Serverless: equivalent is provider-side runtime telemetry (Lambda runtime API, GVisor sentry events). MCP server hosts especially: malicious MCP plugins often hit suspicious syscalls (ptrace, bpf, unshare).",
     "lag_notes": "SI-4 prescribes monitoring at the system level abstractly; specific syscall analytics (which calls, which thresholds, which response) are deployment-team choices that framework audits do not sample.",
     "last_verified": "2026-05-13"
@@ -883,16 +1017,29 @@
     "tactic": "Detect",
     "subtactic": "File Analysis",
     "description": "Monitoring critical system files (auth databases, audit configurations, init scripts, boot loaders, sudoers, SSH authorized_keys) for unauthorized modification — file integrity monitoring with cryptographic baselines and immutable-write enforcement.",
-    "counters_attack_techniques": ["T1543", "T1547", "T1098", "T1562.001"],
-    "digital_artifacts_addressed": ["System File", "Configuration File", "File Hash"],
-    "skills_referencing": ["runtime", "hardening", "incident-response-playbook"],
+    "counters_attack_techniques": [
+      "T1543",
+      "T1547",
+      "T1098",
+      "T1562.001"
+    ],
+    "digital_artifacts_addressed": [
+      "System File",
+      "Configuration File",
+      "File Hash"
+    ],
+    "skills_referencing": [],
     "implementation_examples": [
       "AIDE / Tripwire / OSSEC file-integrity baselines on /etc, /usr/bin, /sbin",
       "Auditd watch rules on /etc/passwd, /etc/shadow, /etc/sudoers, ~/.ssh/authorized_keys",
       "Linux IMA-EVM measured boot extending into runtime FIM",
       "AWS Config rules monitoring IAM policy file analogs (managed-policy versions)"
     ],
-    "framework_controls_partially_mapped": ["NIST-800-53-SI-7", "NIST-800-53-AU-2", "ISO-27001-2022-A.8.13"],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SI-7",
+      "NIST-800-53-AU-2",
+      "ISO-27001-2022-A.8.13"
+    ],
     "ai_pipeline_applicability": "Self-managed AI hosts: standard FIM applies to MCP server configs, ~/.claude, ~/.cursor settings. Serverless: equivalent is image-immutability + read-only rootfs (modifications outside writable tmpfs are structurally impossible).",
     "lag_notes": "SI-7 covers software/firmware integrity; user-space configuration FIM is implicit not explicit. Framework audits accept 'FIM is deployed' without sampling whether the rule set covers AI-assistant config paths that have become high-value targets.",
     "last_verified": "2026-05-13"

package/data/dlp-controls.json

@@ -15,7 +15,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "DLP-CHAN-EMAIL-OUT": {
     "id": "DLP-CHAN-EMAIL-OUT",