implementing-security-chaos-engineering

Solid

Implements security chaos engineering experiments that deliberately disable or degrade security controls to verify detection and response capabilities. Tests WAF bypass, firewall rule removal, log pipeline disruption, and EDR disablement scenarios using boto3 and subprocess. Use when validating SOC detection coverage and resilience.

AI & Automation 16,326 stars 1981 forks Updated 2 weeks ago Apache-2.0

Install

View on GitHub

Quality Score: 95/100

Stars 20%

100

Recency 20%

Frontmatter 20%

Documentation 15%

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Implementing Security Chaos Engineering ## When to Use - When deploying or configuring implementing security chaos engineering capabilities in your environment - When establishing security controls aligned to compliance requirements - When building or improving security architecture for this domain - When conducting security assessments that require this implementation ## Prerequisites - Familiarity with security operations concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Instructions Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly. ```python # Example: Verify detection when a security group is opened import boto3 ec2 = boto3.client("ec2") # Chaos experiment: temporarily add 0.0.0.0/0 rule ec2.authorize_security_group_ingress( GroupId="sg-12345", IpProtocol="tcp", FromPort=22, ToPort=22, CidrIp="0.0.0.0/0", ) # Verify: does GuardDuty/Config alert fire within SLA? # Rollback: remove the rule after verification ``` Key experiments: 1. Open a security group and verify Config Rule alerts 2. Disable CloudTrail and verify detection time 3. Create IAM admin user and verify alert triggers 4. Simulate log pipeline failure and check monitoring gaps 5. Deploy test malware hash and verify EDR response ## Examples ```p...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: 2 weeks ago
Language: Python
License: Apache-2.0

Bundled in these plugins

cybersecurity-skills

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

running-chaos-tests

Execute chaos engineering experiments to test system resilience. Use when performing specialized testing. Trigger with phrases like "run chaos tests", "test resilience", or "inject failures".

2,390 Updated today

jeremylongshore

AI & Automation Listed

chaos-engineering

When the user wants to design, run, or operate chaos experiments to validate system resilience. Use when the user mentions "chaos engineering," "chaos testing," "fault injection," "Chaos Monkey," "Chaos Mesh," "Gremlin," "Litmus," "Steadybit," "Toxiproxy," "AWS FIS," "kill the database," "latency injection," "GameDay," "blast radius," or "principles of chaos." For security testing see security-testing. For fault simulation in unit tests see wiremock and mutation-testing. For perf testing see k6 / gatling.

1 Updated yesterday

aks-builds

AI & Automation Listed

chaos-experiment

Design and document chaos engineering experiments. Guide steady state baseline, hypothesis formation, failure injection plans, and results analysis. Use when you say "design a chaos experiment", "plan a game day", "failure injection", "test resilience", or "chaos engineering". Do NOT use for security threat analysis (use threat-modeling) or pre-launch project risk identification (use pre-mortem).

35 Updated today

rjmurillo