blockmine 1.21.0 → 1.23.0

package/.claude/skills/cybersecurity/SKILL.md

@@ -0,0 +1,409 @@
+# Cybersecurity Skill
+
+## Overview
+
+Comprehensive cybersecurity guidance covering security architecture, threat modeling, security operations, incident response, application security, network security, cloud security, identity and access management, cryptography, security testing, and compliance.
+
+## When to Use This Skill
+
+This skill should be activated when:
+- Designing security architectures
+- Implementing security controls
+- Conducting threat modeling
+- Setting up security operations
+- Responding to security incidents
+- Securing applications and APIs
+- Implementing network security
+- Securing cloud environments
+- Managing identity and access
+- Implementing cryptographic solutions
+- Performing security testing
+- Achieving security compliance
+
+## Core Security Domains
+
+### 1. Security Architecture & Design
+
+**Principles:**
+- Zero Trust Architecture
+- Defense in Depth
+- Least Privilege
+- Separation of Duties
+- Fail Secure
+- Security by Design
+
+**Architecture Patterns:**
+- Segmented network architecture
+- Micro-segmentation
+- Perimeter security
+- Defense in depth layering
+- Security zones and enclaves
+- DMZ architecture
+- Bastion host patterns
+
+### 2. Threat Modeling & Risk Management
+
+**Frameworks:**
+- STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
+- PASTA (Process for Attack Simulation and Threat Analysis)
+- DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)
+- OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
+
+**Process:**
+1. Identify assets
+2. Identify threats
+3. Assess vulnerabilities
+4. Determine risk
+5. Implement mitigations
+6. Validate and monitor
+
+### 3. Security Operations (SecOps)
+
+**Key Components:**
+- Security Operations Center (SOC)
+- Security Information and Event Management (SIEM)
+- Security Orchestration, Automation, and Response (SOAR)
+- Intrusion Detection/Prevention Systems (IDS/IPS)
+- Endpoint Detection and Response (EDR)
+- Extended Detection and Response (XDR)
+
+**Processes:**
+- Continuous monitoring
+- Log aggregation and analysis
+- Threat intelligence integration
+- Alert triage and investigation
+- Incident escalation
+- Threat hunting
+- Vulnerability management
+- Patch management
+
+### 4. Incident Response
+
+**Phases:**
+1. **Preparation:** IR plan, team, tools, training
+2. **Identification:** Detect and determine scope
+3. **Containment:** Short-term and long-term containment
+4. **Eradication:** Remove threat and vulnerabilities
+5. **Recovery:** Restore systems to normal
+6. **Lessons Learned:** Post-incident review
+
+**Key Artifacts:**
+- Incident Response Plan
+- Playbooks/Runbooks
+- Communication plan
+- Evidence handling procedures
+- Chain of custody documentation
+- Post-incident reports
+
+### 5. Application Security (AppSec)
+
+**Secure Development:**
+- Secure SDLC (SSDLC)
+- Security requirements
+- Threat modeling in design
+- Secure coding practices
+- Code review
+- Security testing
+
+**Security Testing:**
+- Static Application Security Testing (SAST)
+- Dynamic Application Security Testing (DAST)
+- Interactive Application Security Testing (IAST)
+- Software Composition Analysis (SCA)
+- Penetration testing
+- Bug bounty programs
+
+**Common Vulnerabilities:**
+- OWASP Top 10
+- SQL Injection
+- Cross-Site Scripting (XSS)
+- Cross-Site Request Forgery (CSRF)
+- Insecure deserialization
+- Security misconfiguration
+- Broken authentication
+- Sensitive data exposure
+
+### 6. Network Security
+
+**Controls:**
+- Firewalls (next-gen, web application)
+- Network segmentation
+- VLANs and VXLANs
+- VPN (IPSec, SSL/TLS)
+- Network Access Control (NAC)
+- Intrusion Detection/Prevention
+- DDoS protection
+- DNS security (DNSSEC)
+
+**Monitoring:**
+- Network traffic analysis
+- NetFlow/sFlow analysis
+- Packet capture and analysis
+- Anomaly detection
+- Threat intelligence feeds
+
+### 7. Cloud Security
+
+**Shared Responsibility Model:**
+- Cloud provider responsibilities
+- Customer responsibilities
+- Different models: IaaS, PaaS, SaaS
+
+**Cloud Security Controls:**
+- Cloud Security Posture Management (CSPM)
+- Cloud Workload Protection Platform (CWPP)
+- Cloud Access Security Broker (CASB)
+- Secure configuration
+- Identity and access management
+- Encryption (at-rest, in-transit)
+- Key management
+- Logging and monitoring
+- Compliance validation
+
+**Cloud-Specific Threats:**
+- Misconfigured storage buckets
+- Excessive IAM permissions
+- Unencrypted data
+- Exposed secrets
+- Vulnerable container images
+- Supply chain attacks
+
+### 8. Identity & Access Management (IAM)
+
+**Core Concepts:**
+- Authentication vs Authorization
+- Single Sign-On (SSO)
+- Multi-Factor Authentication (MFA)
+- Privileged Access Management (PAM)
+- Identity Federation
+- Just-In-Time (JIT) access
+- Zero Trust Network Access (ZTNA)
+
+**Technologies:**
+- Active Directory / Azure AD
+- LDAP
+- SAML 2.0
+- OAuth 2.0 / OpenID Connect
+- Kerberos
+- RADIUS
+- TACACS+
+
+**Best Practices:**
+- Principle of least privilege
+- Regular access reviews
+- Strong password policies
+- MFA enforcement
+- Service account management
+- Privileged account monitoring
+- Identity lifecycle management
+
+### 9. Cryptography
+
+**Fundamentals:**
+- Symmetric encryption (AES, ChaCha20)
+- Asymmetric encryption (RSA, ECC)
+- Hash functions (SHA-256, SHA-3)
+- Digital signatures
+- Message Authentication Codes (MAC)
+- Key derivation functions (KDF)
+
+**Implementations:**
+- TLS/SSL configuration
+- Certificate management
+- Public Key Infrastructure (PKI)
+- Hardware Security Modules (HSM)
+- Key Management Systems (KMS)
+- Encryption key rotation
+- Perfect Forward Secrecy (PFS)
+
+**Post-Quantum Cryptography:**
+- NIST PQC candidates
+- Hybrid approaches
+- Migration planning
+
+### 10. Security Testing & Assessment
+
+**Types:**
+- Vulnerability Assessment
+- Penetration Testing (black box, white box, gray box)
+- Red Team Exercises
+- Purple Team Exercises
+- Bug Bounty Programs
+- Security Audits
+- Compliance Assessments
+
+**Methodologies:**
+- OWASP Testing Guide
+- PTES (Penetration Testing Execution Standard)
+- OSSTMM (Open Source Security Testing Methodology Manual)
+- NIST SP 800-115
+
+**Tools:**
+- Vulnerability scanners (Nessus, Qualys, OpenVAS)
+- Web app scanners (Burp Suite, OWASP ZAP)
+- Network scanners (Nmap, Masscan)
+- Exploitation frameworks (Metasploit)
+- Password crackers (John, Hashcat)
+- Social engineering (GoPhish)
+
+### 11. Compliance & Governance
+
+**Frameworks:**
+- NIST Cybersecurity Framework (CSF)
+- ISO/IEC 27001/27002
+- CIS Controls
+- COBIT
+- NIST SP 800-53
+- PCI DSS
+- HIPAA Security Rule
+- GDPR
+- SOC 2
+- FedRAMP
+- CMMC
+
+**Key Activities:**
+- Policy development
+- Standards documentation
+- Control implementation
+- Compliance monitoring
+- Audit preparation
+- Evidence collection
+- Risk assessments
+- Gap analysis
+
+## Security by Domain
+
+### Commercial/Enterprise Security
+- Corporate network security
+- Endpoint protection
+- Email security
+- Data loss prevention (DLP)
+- Insider threat programs
+- Security awareness training
+- Third-party risk management
+- Supply chain security
+
+### Government/Cleared Security
+- Classified information handling
+- SCIF security requirements
+- TEMPEST protection
+- Cross-domain solutions
+- Secure communications (HAIPE, COMSEC)
+- Personnel security (clearances)
+- Physical security integration
+- Continuous monitoring programs
+
+### Cloud-Native Security
+- Container security
+- Kubernetes security
+- Serverless security
+- API security
+- DevSecOps integration
+- Secrets management
+- Service mesh security
+- Infrastructure as Code security
+
+## Common Security Patterns
+
+### 1. Zero Trust Implementation
+```
+┌─────────────────────────────────────────┐
+│         Zero Trust Architecture         │
+├─────────────────────────────────────────┤
+│ • Verify explicitly (every access)      │
+│ • Least privilege access                │
+│ • Assume breach                         │
+│                                         │
+│ Components:                             │
+│ ├─ Identity Provider (IdP)             │
+│ ├─ Policy Decision Point (PDP)         │
+│ ├─ Policy Enforcement Point (PEP)      │
+│ ├─ Continuous monitoring               │
+│ └─ Analytics and threat intelligence   │
+└─────────────────────────────────────────┘
+```
+
+### 2. Defense in Depth Layers
+```
+┌─────────────────────────────────────────┐
+│ Layer 1: Physical Security             │
+├─────────────────────────────────────────┤
+│ Layer 2: Network Perimeter             │
+├─────────────────────────────────────────┤
+│ Layer 3: Network Segmentation          │
+├─────────────────────────────────────────┤
+│ Layer 4: Endpoint Security             │
+├─────────────────────────────────────────┤
+│ Layer 5: Application Security          │
+├─────────────────────────────────────────┤
+│ Layer 6: Data Security                 │
+├─────────────────────────────────────────┤
+│ Layer 7: Security Monitoring           │
+└─────────────────────────────────────────┘
+```
+
+### 3. Incident Response Workflow
+```
+Detection → Triage → Investigation → Containment →
+Eradication → Recovery → Lessons Learned →
+Update Defenses → Monitor
+```
+
+## Integration with Other Skills
+
+- **devsecops**: Security in CI/CD pipelines, compliance automation
+- **cloud-engineering**: Cloud security architecture, CSPM
+- **infrastructure-architecture**: Secure architecture design, threat modeling
+- **network-engineering**: Network security controls, segmentation
+- **platform-engineering**: Container/K8s security, secrets management
+- **observability-engineering**: Security monitoring, SIEM integration
+- **sre**: Incident response, security monitoring
+
+## Resources
+
+See the `resources/` directory for detailed guides on:
+- Security architecture patterns
+- Threat modeling guides
+- Incident response playbooks
+- Security testing methodologies
+- Cryptography implementation guides
+- Compliance frameworks
+- Security tools and technologies
+
+## Quick Reference
+
+### Security Assessment Questions
+1. What assets are we protecting?
+2. What are the threats?
+3. What are the vulnerabilities?
+4. What is the risk level?
+5. What controls are in place?
+6. What is the residual risk?
+7. Are we compliant with requirements?
+8. How do we detect incidents?
+9. How do we respond?
+10. How do we improve?
+
+### Common Security Acronyms
+- CIA: Confidentiality, Integrity, Availability
+- AAA: Authentication, Authorization, Accounting
+- IDS/IPS: Intrusion Detection/Prevention System
+- SIEM: Security Information and Event Management
+- SOAR: Security Orchestration, Automation, and Response
+- EDR: Endpoint Detection and Response
+- XDR: Extended Detection and Response
+- CASB: Cloud Access Security Broker
+- CSPM: Cloud Security Posture Management
+- CWPP: Cloud Workload Protection Platform
+- PAM: Privileged Access Management
+- ZTNA: Zero Trust Network Access
+- MFA: Multi-Factor Authentication
+- SSO: Single Sign-On
+
+---
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+🎯 SKILL ACTIVATED: cybersecurity
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+
+**Remember:** Security is not a product, it's a process. Continuous improvement and adaptation are essential.

package/.claude/skills/cybersecurity/resources/security-architecture.md

@@ -0,0 +1,266 @@
+# Security Architecture Patterns
+
+## Zero Trust Architecture
+
+### Core Principles
+1. **Never Trust, Always Verify**
+   - Verify every access request
+   - No implicit trust based on network location
+   - Continuous authentication and authorization
+
+2. **Least Privilege Access**
+   - Minimum necessary permissions
+   - Time-bound access
+   - Just-In-Time (JIT) access
+
+3. **Assume Breach**
+   - Limit blast radius
+   - Micro-segmentation
+   - Continuous monitoring
+
+### Implementation Components
+
+```yaml
+zero_trust_components:
+  identity_provider:
+    - Multi-factor authentication
+    - Conditional access policies
+    - Risk-based authentication
+
+  policy_engine:
+    - Access policies based on context
+    - User/device/location/behavior
+    - Real-time risk scoring
+
+  enforcement_points:
+    - Network gateways
+    - API gateways
+    - Application proxies
+
+  continuous_monitoring:
+    - User behavior analytics
+    - Device health checking
+    - Threat intelligence integration
+```
+
+## Defense in Depth
+
+### Network Security Layers
+
+```
+┌──────────────────────────────────────────┐
+│   Perimeter Defense (Firewalls, IPS)    │
+├──────────────────────────────────────────┤
+│   Network Segmentation (VLANs, ACLs)    │
+├──────────────────────────────────────────┤
+│   Application Layer (WAF, API Gateway)  │
+├──────────────────────────────────────────┤
+│   Data Layer (Encryption, DLP)          │
+├──────────────────────────────────────────┤
+│   Endpoint (EDR, Antivirus)             │
+├──────────────────────────────────────────┤
+│   Identity (MFA, SSO, PAM)              │
+└──────────────────────────────────────────┘
+```
+
+### Security Zones
+
+**DMZ (Demilitarized Zone):**
+- Public-facing services
+- Web servers, mail servers
+- Extra scrutiny and monitoring
+
+**Internal Zones:**
+- Corporate network
+- User workstations
+- Internal applications
+
+**Restricted Zones:**
+- Sensitive data systems
+- Financial systems
+- HR systems
+- Executive communications
+
+**Management Zone:**
+- Admin access only
+- Jump boxes/bastion hosts
+- Privileged access workstations
+
+## Secure Architecture Patterns
+
+### Pattern 1: API Gateway with Security
+
+```
+[External Users]
+      ↓
+[WAF / DDoS Protection]
+      ↓
+[API Gateway]
+   ├─ Rate Limiting
+   ├─ Authentication (JWT/OAuth)
+   ├─ Authorization (RBAC/ABAC)
+   ├─ Request Validation
+   ├─ Logging
+   └─ TLS Termination
+      ↓
+[Internal Microservices]
+```
+
+### Pattern 2: Secure Multi-Tier Application
+
+```
+[Internet]
+    ↓
+[Load Balancer + WAF]
+    ↓
+[Web Tier] (DMZ)
+    ↓ (Restricted ports/protocols)
+[Application Tier] (Internal)
+    ↓ (Database protocols only)
+[Database Tier] (Highly restricted)
+    ↓
+[Backup/Storage] (Encrypted)
+```
+
+### Pattern 3: Secure Cloud Architecture
+
+```
+[Cloud Provider]
+├─ VPC/VNet
+│  ├─ Public Subnet
+│  │  └─ NAT Gateway, Load Balancer
+│  ├─ Private Subnet
+│  │  └─ Application instances
+│  └─ Data Subnet
+│     └─ Databases (no internet access)
+├─ IAM
+│  ├─ Service roles (least privilege)
+│  ├─ User roles
+│  └─ MFA enforcement
+├─ Encryption
+│  ├─ KMS for key management
+│  ├─ At-rest encryption
+│  └─ In-transit encryption (TLS)
+└─ Monitoring
+   ├─ CloudTrail/Activity logs
+   ├─ Security Hub/Security Center
+   └─ SIEM integration
+```
+
+## Secure Design Principles
+
+### 1. Fail Secure
+- System failures should default to secure state
+- Deny access on error
+- Graceful degradation
+
+### 2. Complete Mediation
+- Check every access
+- No caching of access decisions for sensitive operations
+- Re-validate on context changes
+
+### 3. Open Design
+- Security through proper implementation, not obscurity
+- Assume attacker has full knowledge of system
+- Use proven cryptographic algorithms
+
+### 4. Least Common Mechanism
+- Minimize shared resources
+- Reduce attack surface
+- Prevent cross-contamination
+
+### 5. Psychological Acceptability
+- Security must be usable
+- Don't make security so burdensome users circumvent it
+- Balance security with usability
+
+## Security Architecture for Different Environments
+
+### Commercial/Enterprise
+
+**Requirements:**
+- Protect intellectual property
+- Customer data protection
+- Regulatory compliance (SOC 2, ISO 27001)
+- Business continuity
+
+**Key Controls:**
+- Network segmentation
+- Endpoint protection
+- Email security (anti-phishing)
+- Data loss prevention
+- Privileged access management
+- Security awareness training
+
+### Government/Cleared
+
+**Requirements:**
+- Classified information protection
+- SCIF physical security
+- Continuous monitoring
+- Compliance (FedRAMP, NIST 800-53, CMMC)
+
+**Key Controls:**
+- Physical access controls
+- TEMPEST protection
+- Cross-domain solutions
+- Cryptographic key management
+- Personnel security integration
+- Audit trail requirements
+
+### Cloud-Native
+
+**Requirements:**
+- Dynamic infrastructure
+- API-first security
+- Container/K8s security
+- Serverless security
+- DevSecOps integration
+
+**Key Controls:**
+- Cloud Security Posture Management
+- Container image scanning
+- Runtime protection
+- Secrets management
+- Service mesh security
+- Infrastructure as Code scanning
+
+## Common Anti-Patterns (What NOT to Do)
+
+❌ **Security by Obscurity**
+- Hiding security mechanisms
+- Custom cryptography
+- Relying on secrecy of implementation
+
+❌ **Perimeter-Only Security**
+- Trusting everything inside network
+- No internal segmentation
+- "Hard shell, soft center"
+
+❌ **Security Afterthought**
+- Adding security after development
+- "We'll secure it later"
+- Bolting on security controls
+
+❌ **Over-Reliance on Single Control**
+- Firewall as only defense
+- Encryption as silver bullet
+- Lack of defense in depth
+
+## Security Architecture Review Checklist
+
+- [ ] Threat model completed and documented
+- [ ] Data classification performed
+- [ ] Network segmentation implemented
+- [ ] Encryption for data at-rest and in-transit
+- [ ] Strong authentication (MFA)
+- [ ] Least privilege access enforced
+- [ ] Logging and monitoring configured
+- [ ] Incident response plan documented
+- [ ] Regular security testing scheduled
+- [ ] Compliance requirements mapped
+- [ ] Security training for team
+- [ ] Third-party security assessed
+- [ ] Disaster recovery tested
+- [ ] Security updates automated where possible
+- [ ] Secrets management implemented