{"id":45356140,"url":"https://github.com/pitimon/claude-cybersecurity-skill","last_synced_at":"2026-02-28T01:16:07.652Z","repository":{"id":339425317,"uuid":"1161285499","full_name":"pitimon/claude-cybersecurity-skill","owner":"pitimon","description":"Cybersecurity professional skill plugin for Claude Code — 12 domains: IR, DFIR, DevSecOps, SOC/SOAR, GitOps, Code Security, Container/Supply Chain, Threat Modeling, Compliance, Cloud Security/CSPM, Zero Trust, AI/ML Security. Bilingual Thai+English.","archived":false,"fork":false,"pushed_at":"2026-02-21T14:23:26.000Z","size":324,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-21T17:29:11.843Z","etag":null,"topics":["ai-security","claude-code","claude-code-plugin","cloud-security","compliance","cybersecurity","devsecops","incident-response","mitre-attack","nist","owasp","soc","threat-modeling","zero-trust"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pitimon.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-18T23:53:43.000Z","updated_at":"2026-02-21T14:23:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pitimon/claude-cybersecurity-skill","commit_stats":null,"previous_names":["pitimon/claude-cybersecurity-skill"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:githu
b/pitimon/claude-cybersecurity-skill","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pitimon%2Fclaude-cybersecurity-skill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pitimon%2Fclaude-cybersecurity-skill/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pitimon%2Fclaude-cybersecurity-skill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pitimon%2Fclaude-cybersecurity-skill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pitimon","download_url":"https://codeload.github.com/pitimon/claude-cybersecurity-skill/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pitimon%2Fclaude-cybersecurity-skill/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29922071,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T19:37:42.220Z","status":"ssl_error","status_checked_at":"2026-02-27T19:37:41.463Z","response_time":57,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-security","claude-code","claude-code-plugin","cloud-security","compliance","cybersecurity","devsecops","incident-response","mitre-attack","nist","owasp","soc","threat-modeling","zero-trust"],"created_at":"2026-02-21T13:03:22.584Z","updated_at":"2026-02-28T01:16:07.644Z","avatar_url":"https://github.com/pitimon.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# cybersecurity-pro\n\n**Enterprise Cybersecurity Skill for Claude Code**\n\nGenerate professional-grade cybersecurity documents in 30 seconds: IR Playbooks, SOC Procedures,\nCompliance Audits, Cloud Security, AI Governance, OT/ICS Security, and 12 more domains,\nwith bilingual Thai + English output mapped to NIST, MITRE ATT\u0026CK, OWASP, and ISO frameworks\n\n[![Version](https://img.shields.io/badge/version-3.6.1-blue.svg)](CHANGELOG.md)\n[![CI](https://github.com/pitimon/claude-cybersecurity-skill/actions/workflows/validate.yml/badge.svg)](https://github.com/pitimon/claude-cybersecurity-skill/actions/workflows/validate.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n[![Domains](https://img.shields.io/badge/domains-18-orange.svg)](#capabilities-ความสามารถ--18-domains)\n[![Language](https://img.shields.io/badge/language-Thai%20%2B%20English-blueviolet.svg)](#bilingual-output-policy)\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**18 Domains** | **50+ Frameworks** | **\u003c 5% Context Budget**\n\nCovers 18 
security domains, from Incident Response to OT/ICS Security,\nmapped to 50+ international frameworks, using only ~8,600 tokens of context per request (\u003c 5% of the 200K window)\n\n\u003c/div\u003e\n\n---\n\n## See It in Action (Try It in 30 Seconds)\n\nType a single prompt and get an enterprise-grade IR playbook immediately:\n\n```\n\u003e Create an IR playbook for a ransomware incident per NIST 800-61\n  Include an escalation matrix and SLA timelines\n```\n\n**Resulting output** (partial example):\n\n```markdown\n## 1. การเตรียมพร้อม (Preparation)\n\n### 1.1 Ransomware-Specific Preparation Checklist\n\n- [ ] Offline backup verification (3-2-1 rule) — ทดสอบ restore ทุก 90 วัน\n- [ ] Network segmentation — isolate critical assets ตาม NIST SP 800-41\n- [ ] EDR deployment — verify coverage ≥ 95% endpoints\n      ...\n\n## 3. การควบคุมและกำจัด (Containment \u0026 Eradication)\n\n### SLA Timeline\n\n| Severity    | Detection → Triage | Triage → Containment | Containment → Eradication |\n| ----------- | ------------------ | -------------------- | ------------------------- |\n| P1-Critical | ≤ 15 min           | ≤ 1 hour             | ≤ 4 hours                 |\n\n...\n\n### Escalation Matrix\n\n| Level | Role        | Trigger Condition | MITRE ATT\u0026CK           |\n| ----- | ----------- | ----------------- | ---------------------- |\n| L1    | SOC Analyst | Initial alert     | T1486 (Data Encrypted) |\n\n...\n```\n\nNo prompt engineering needed: the templates map to NIST 800-61, MITRE ATT\u0026CK, and ISO 27035 automatically\n\n---\n\n## Quick Start\n\n### Step 1: Install (run in a terminal shell)\n\nOpen a **terminal** (not the Claude Code prompt) and run all 3 commands in order:\n\n```bash\n# 1. Add the marketplace\nclaude plugin marketplace add pitimon/claude-cybersecurity-skill\n\n# 2. Install the plugin\nclaude plugin install cybersecurity-pro@pitimon-cybersecurity\n\n# 3. 
Verify that the installation succeeded\nclaude doctor\n# Expected: ✓ cybersecurity-pro@pitimon-cybersecurity - OK\n```\n\n### Step 2: Start Using It (type in the Claude Code prompt)\n\nOpen a **new Claude Code session** (or type `/clear` to reload skills), then type:\n\n```\n\u003e Create an IR playbook for a ransomware incident per NIST 800-61\n```\n\nThe skill triggers automatically when the prompt matches the keywords of any one domain; there is no need to invoke the skill yourself\n\n### Updating the Plugin\n\n```bash\nclaude plugin marketplace update pitimon-cybersecurity\nclaude plugin install cybersecurity-pro@pitimon-cybersecurity\nclaude doctor  # check the new version\n# Restart the Claude Code session to load the new skill version\n```\n\n\u003e See the full guide: [docs/INSTALL.md](docs/INSTALL.md) | For air-gapped servers, see Manual Installation\n\n---\n\n## Why This Plugin\n\n**Problem**: Claude Code is a general-purpose AI with no built-in cybersecurity domain expertise, so you have to write a detailed prompt every time and the results are inconsistent\n\n**Solution**: `cybersecurity-pro` loads professional templates and framework mappings automatically when the prompt matches trigger keywords\n\n### Value Propositions\n\n- **Enterprise-quality output immediately** — Templates designed by security professionals with SLA, escalation, and RACI matrices built in; no prompt engineering needed\n- **Framework-mapped templates** — Every output maps to real frameworks (NIST, MITRE ATT\u0026CK, OWASP, ISO 27001, CIS); no need to verify the references yourself\n- **Bilingual Thai + English** — Ready for use in Thai organizations, with support for the Cybersecurity Act B.E. 
2562 and PDPA in compliance templates\n- **On-demand loading — no context bloat** — 18 domains, but only 1 is loaded per request, using \u003c 5% of the 200K context window\n\n---\n\n## NIST CSF 2.0 Coverage Map\n\nThe 18 domains cover every function of the NIST Cybersecurity Framework 2.0:\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│                      NIST CSF 2.0 FUNCTIONS                     │\n├────────────┬────────────────────────────────────────────────────┤\n│            │                                                    │\n│  GOVERN    │  D17 Security Governance \u0026 Executive Leadership    │\n│            │                                                    │\n├────────────┼────────────────────────────────────────────────────┤\n│            │  D8  Threat Modeling \u0026 Risk                        │\n│  IDENTIFY  │  D9  Compliance Frameworks                        │\n│            │  D14 Vulnerability Management                      │\n│            │  D15 Threat Intelligence                           │\n│            │  D18 OT/ICS Security (OT asset management)        │\n├────────────┼────────────────────────────────────────────────────┤\n│            │  D3  DevSecOps Pipeline                            │\n│            │  D5  GitOps Security                               │\n│            │  D6  Code Security Analysis                        │\n│  PROTECT   │  D7  Container \u0026 Supply Chain                     │\n│            │  D10 Cloud Security \u0026 CSPM                         │\n│            │  D11 Zero Trust Architecture                       │\n│            │  D12 AI/ML Security                                │\n│            │  D13 API Security                                  │\n│            │  D18 OT/ICS Security (OT network protection)      │\n├────────────┼────────────────────────────────────────────────────┤\n│  DETECT    │  D4  SOC Operations + SOAR                        │\n│            │  D15 Threat Intelligence           
                │\n├────────────┼────────────────────────────────────────────────────┤\n│  RESPOND   │  D1  IR Playbooks \u0026 Runbooks                      │\n│            │  D2  DFIR Reports                                  │\n├────────────┼────────────────────────────────────────────────────┤\n│  RECOVER   │  D1  IR Playbooks (post-mortem \u0026 lessons learned)  │\n│            │  D14 Vulnerability Management (remediation)        │\n├────────────┼────────────────────────────────────────────────────┤\n│            │                                                    │\n│  CROSS-    │  D16 Cross-Domain Integration Scenarios            │\n│  DOMAIN    │  (orchestrates all domains via SOAR \u0026 workflows)   │\n│            │                                                    │\n└────────────┴────────────────────────────────────────────────────┘\n```\n\n---\n\n## Capabilities (18 Domains)\n\n### Security Operations\n\n| Domain                           | Description                                                                        | Frameworks                         |\n| -------------------------------- | ---------------------------------------------------------------------------------- | ---------------------------------- |\n| **D1 — IR Playbooks \u0026 Runbooks** | Incident response playbooks with SLA, escalation matrix, post-mortem templates     | NIST SP 800-61, ISO 27035, SANS IR |\n| **D2 — DFIR Reports**            | Forensic investigation reports with chain of custody, evidence handling, timeline  | Chain of Custody, IOC, Timeline    |\n| **D4 — SOC Operations + SOAR**   | SOC L1-L3 procedures, SIEM rules, SOAR automation playbooks, threat hunting        | MITRE ATT\u0026CK, Cyber Kill Chain     |\n\n### Secure Development\n\n| Domain                             | Description                                                             | Frameworks                        |\n| ---------------------------------- | 
----------------------------------------------------------------------- | --------------------------------- |\n| **D3 — DevSecOps Pipeline**        | CI/CD security pipeline configs for GitHub Actions / GitLab CI          | OWASP SAMM, OWASP Top 10, CIS     |\n| **D6 — Code Security Analysis**    | Static analysis with Semgrep/CodeQL, SARIF processing, variant analysis | CWE Top 25, SARIF 2.1.0           |\n| **D7 — Container \u0026 Supply Chain**  | Container hardening, vulnerability scanning, SBOM, image signing        | NIST SP 800-190, CIS Docker, SLSA |\n| **D13 — API Security**             | OWASP API Top 10, JWT validation, OAuth 2.0 BCP, API gateway security   | OWASP API Top 10 2023, RFC 9700   |\n| **D14 — Vulnerability Management** | Vulnerability lifecycle, CVSS/EPSS/KEV prioritization, patch management | CVSS v4.0, EPSS, CISA KEV, SSVC   |\n\n### Governance \u0026 Compliance\n\n| Domain                          | Description                                                                   | Frameworks                                         |\n| ------------------------------- | ----------------------------------------------------------------------------- | -------------------------------------------------- |\n| **D5 — GitOps Security**        | Policy-as-code frameworks for ArgoCD, OPA, Falco                              | OPA/Gatekeeper, Falco, ArgoCD                      |\n| **D8 — Threat Modeling \u0026 Risk** | STRIDE/PASTA threat modeling, risk assessment, SOC 2/ISO 27001                | SOC 2, ISO 27001, STRIDE, PASTA, PDPA              |\n| **D9 — Compliance Frameworks**  | Compliance assessments, gap analyses, control mappings                        | NIST 800-53, PCI DSS v4.0.1, GDPR, HIPAA, CIS v8.1 |\n| **D17 — Security Governance**   | Executive governance, board reporting, maturity models, CISO/CAIO/CAISO roles | NIST CSF 2.0 GOVERN, ISO 27014, C2M2               |\n\n### Cloud \u0026 Architecture\n\n| Domain                            
| Description                                                          | Frameworks                                          |\n| --------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- |\n| **D10 — Cloud Security \u0026 CSPM**   | Cloud security audits, IAM reviews, CSPM configs (AWS/Azure/GCP)     | CIS Cloud Benchmarks, CSA CCM v4.1, NIST 800-144    |\n| **D11 — Zero Trust Architecture** | ZTA maturity assessments, implementation roadmaps, microsegmentation | NIST 800-207, CISA ZT Maturity Model, Forrester ZTX |\n| **D12 — AI/ML Security**          | AI security assessments, LLM guardrails, AI red team, AI governance  | OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS          |\n\n### Industrial \u0026 OT\n\n| Domain                    | Description                                                                 | Frameworks                                        |\n| ------------------------- | --------------------------------------------------------------------------- | ------------------------------------------------- |\n| **D18 — OT/ICS Security** | OT/ICS security assessments, Purdue Model segmentation, SCADA/PLC hardening | NIST SP 800-82 Rev.3, IEC 62443, MITRE ATT\u0026CK ICS |\n\n### Intelligence \u0026 Integration\n\n| Domain                             | Description                                                                    | Frameworks                                  |\n| ---------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------- |\n| **D15 — Threat Intelligence**      | TI program design, STIX/TAXII integration, IOC lifecycle, intelligence sharing | STIX 2.1, TAXII 2.1, TLP 2.0, Diamond Model |\n| **D16 — Cross-Domain Integration** | End-to-end security workflows, SOAR orchestration, multi-domain scenarios      | NIST CSF 2.0, All domain 
frameworks         |\n\n---\n\n## Usage Examples\n\nExample prompts to type **in Claude Code**; the skill triggers automatically from keywords\n\n### IR Playbook\n\n```\n\u003e Create an IR playbook for a ransomware incident per NIST 800-61\n  Include an escalation matrix and SLA timelines\n```\n\n### SOC + SOAR\n\n```\n\u003e Create a SOAR playbook for automated phishing response\n  Include enrichment sources and containment actions\n```\n\n### Compliance\n\n```\n\u003e Create a NIST 800-53 gap assessment for a cloud environment\n  with PCI DSS v4.0 control mapping and a CIS Controls roadmap\n```\n\n### Cloud Security\n\n```\n\u003e Perform a cloud security audit for an AWS environment\n  Check IAM policies, S3 buckets, and Security Groups against CIS Benchmarks\n```\n\n### AI/ML Security\n\n```\n\u003e Create an AI security assessment for an LLM application\n  Check prompt injection defense and OWASP LLM Top 10 compliance\n```\n\n### Security Governance\n\n```\n\u003e Create a security governance framework per NIST CSF 2.0 GOVERN\n  with a board reporting template, CISO/CAIO/CAISO RACI matrix, and C2M2 maturity assessment\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eSee more examples across all 18 domains →\u003c/summary\u003e\n\n### DFIR Report\n\n```\n\u003e Create a DFIR report template for a memory forensics investigation\n  It must include a chain of custody form and evidence handling procedures\n```\n\n### Code Security Analysis\n\n```\n\u003e Create Semgrep custom rules to detect SQL injection using taint mode\n  with a GitHub Actions pipeline that includes CodeQL\n```\n\n### Container Security\n\n```\n\u003e Create a Dockerfile hardening guide for a Node.js application\n  Include Trivy scanning, SBOM generation, and cosign signing\n```\n\n### Threat Modeling\n\n```\n\u003e Create a STRIDE threat model for a web application\n  Include a risk matrix and SOC 2 compliance mapping\n```\n\n### Zero Trust\n\n```\n\u003e Create a Zero Trust implementation roadmap per NIST 800-207\n  Include a maturity assessment and 
microsegmentation plan\n```\n\n### API Security\n\n```\n\u003e Create an API security assessment per OWASP API Top 10\n  Check BOLA, JWT validation, and rate limiting, with an API gateway config\n```\n\n### Vulnerability Management\n\n```\n\u003e Create a vulnerability management program with CVSS+EPSS+KEV prioritization\n  Include SLA templates, a patch management workflow, and an executive dashboard\n```\n\n### Threat Intelligence\n\n```\n\u003e Create a threat intelligence program with STIX/TAXII integration\n  Include MISP setup, IOC lifecycle management, and TLP 2.0 sharing procedures\n```\n\n### Cross-Domain Integration\n\n```\n\u003e Design an end-to-end security workflow from threat intelligence to incident response\n  with a SOAR orchestration template and a cross-domain metrics dashboard\n```\n\n### OT/ICS Security\n\n```\n\u003e Create an OT security assessment per NIST 800-82 and IEC 62443\n  Include a Purdue Model network segmentation design and a PLC hardening checklist\n```\n\n\u003c/details\u003e\n\n---\n\n## Architecture \u0026 Token Budget\n\n### How It Works\n\n```\nUser prompt → keyword match in SKILL.md frontmatter\n  → SKILL.md loaded (~3,400 tokens: language policy, frameworks, decision tree)\n  → Decision tree selects domain\n  → Corresponding references/*.md loaded on-demand (~3,000-5,000 tokens)\n  → Output generated following templates in reference file\n```\n\n### Token Budget\n\n**On-demand loading**: 18 domains, but only 1 is loaded per request\n\n| Component                | Tokens       | Notes                                 |\n| ------------------------ | ------------ | ------------------------------------- |\n| SKILL.md (always loaded) | ~3,600       | Router + language policy + frameworks |\n| Reference file (1 of 18) | ~3,000-5,000 | Loaded only for the triggered domain  |\n| **Max per request**      | **~8,600**   | **\u003c 5% of the 200K context window**   |\n| Total all files          | ~82,000      | Never all loaded at once              
|\n\n### Skill Engineering Techniques\n\nThe techniques used to design this plugin, as guidance for anyone who wants to build their own Claude Code skill:\n\n1. **On-demand reference loading** — Loads only the domain the user needs; domains can be added without increasing the base context cost (currently 18 domains)\n2. **Composite reference files** — Combine related topics into a single file (e.g. Semgrep + CodeQL + SARIF → `code-security-analysis.md`)\n3. **Framework-first templates** — Templates map to framework controls (NIST, MITRE ATT\u0026CK IDs, CWE), so the output carries correct references\n4. **Bilingual output policy** — Thai prose + English terms in a single output; no need to create 2 versions\n5. **SKILL.md as compact router** — A decision tree in \u003c 300 lines acts as a lightweight router\n\n---\n\n## Comparison\n\n| Aspect                 | Manual Prompting  | cybersecurity-pro              | Enterprise Tools |\n| ---------------------- | ----------------- | ------------------------------ | ---------------- |\n| **Setup time**         | 0                 | 3 commands, 30 sec             | Weeks-months     |\n| **Framework mapping**  | Manual research   | Auto-mapped (50+ frameworks)   | Vendor-specific  |\n| **Bilingual TH+EN**    | DIY every time    | Built-in policy                | Limited/none     |\n| **Thai compliance**    | Must research     | Cybersecurity 
Act / PDPA included | Varies        |\n| **Output consistency** | Varies per prompt | Standardized templates         | Standardized     |\n| **Context overhead**   | Variable          | \u003c 5% (8,600 tokens)            | N/A              |\n| **Cost**               | Free              | Free (MIT)                     | $$$$             |\n| **Maintenance**        | Manual updates    | Community-maintained           | Vendor-dependent |\n\n---\n\n## Frameworks \u0026 Standards\n\nOutputs reference these frameworks as appropriate, grouped by audience:\n\n### SOC / IR Teams\n\n- **MITRE ATT\u0026CK** / **MITRE D3FEND** — Tactic \u0026 technique mapping\n- **NIST SP 800-61 Rev.2** — Incident response lifecycle\n- **ISO 27035** — Incident management\n- **Cyber Kill Chain** — Attack phase analysis\n- **Diamond Model** — Intrusion analysis\n\n### DevSecOps / AppSec\n\n- **OWASP Top 10** / **OWASP SAMM** — Application security\n- **OWASP API Security Top 10** — API vulnerability risks\n- **CWE Top 25** / **SARIF 2.1.0** — Code vulnerability classification\n- **CIS Docker Benchmark** / **SLSA** — Container \u0026 supply chain\n- **NIST SP 800-190** — Container security\n\n### Compliance / GRC\n\n- **NIST SP 800-53 Rev 5** — Security \u0026 privacy controls\n- **PCI DSS v4.0.1** — Payment card industry\n- **GDPR** / **HIPAA** — Data protection \u0026 healthcare\n- **CIS Controls v8.1** — Prioritized security practices\n- **SOC 2** / **ISO 27001:2022** — Information security management\n- **Cybersecurity 
Act B.E. 2562** / **PDPA** — Thai cybersecurity \u0026 data privacy law\n\n### Executive / Governance\n\n- **NIST CSF 2.0** — Cybersecurity framework (GOVERN function)\n- **ISO 27014:2020** — Information security governance\n- **C2M2** — Cybersecurity capability maturity model\n- **SEC Cybersecurity Rules** — Disclosure requirements\n\n### Cloud / Zero Trust\n\n- **CIS Cloud Benchmarks** / **CSA CCM v4.1** — Cloud security posture\n- **NIST SP 800-207** — Zero Trust Architecture\n- **CISA Zero Trust Maturity Model** — ZTA implementation\n- **NIST SP 800-144** — Cloud computing guidelines\n\n### AI Security\n\n- **OWASP Top 10 for LLM Apps** — AI/LLM application security\n- **NIST AI RMF** / **MITRE ATLAS** — AI risk management \u0026 threats\n- **EU AI Act** / **ISO 42001** — AI governance \u0026 regulation\n\n### Industrial / OT\n\n- **NIST SP 800-82 Rev.3** — OT/ICS security guide\n- **IEC 62443** (ISA/IEC) — Industrial automation and control system security\n- **Purdue Model / ISA-95** — OT network segmentation architecture\n- **MITRE ATT\u0026CK for ICS** — ICS-specific tactics, techniques, and procedures\n- **NERC CIP** — North American electric grid reliability standards\n\n### Threat Intelligence\n\n- **STIX 2.1** / **TAXII 2.1** — Threat information expression \u0026 sharing\n- **Traffic Light Protocol 2.0** — Intelligence sharing classification\n- **CVSS v4.0** / **EPSS** — Vulnerability scoring \u0026 exploit prediction\n- **CISA KEV** / **SSVC** — Known exploited vulnerabilities \u0026 prioritization\n\n---\n\n## Repository Structure\n\n```\nclaude-cybersecurity-skill/\n├── .claude-plugin/\n│   ├── marketplace.json          # Marketplace metadata\n│   └── plugin.json               # Plugin metadata (v3.6.1)\n├── skills/\n│   └── cybersecurity-pro/\n│       ├── SKILL.md              # Skill definition \u0026 decision tree\n│       └── references/\n│           ├── ir-playbooks.md              # IR playbook + post-mortem templates\n│   
        ├── dfir-reports.md              # Forensic report templates\n│           ├── devsecops-pipeline.md        # CI/CD security configs\n│           ├── soc-operations.md            # SOC L1-L3 + SOAR automation\n│           ├── gitops-security.md           # GitOps security policies\n│           ├── code-security-analysis.md    # Semgrep/CodeQL/SARIF/Variant\n│           ├── container-supply-chain.md    # Container hardening/SBOM/signing\n│           ├── compliance-threat-modeling.md # STRIDE/PASTA/Risk/SOC2/ISO27001\n│           ├── compliance-frameworks.md     # NIST 800-53/PCI DSS/GDPR/HIPAA/CIS\n│           ├── cloud-security-cspm.md       # Cloud Security/IAM/CSPM/Multi-cloud\n│           ├── zero-trust-architecture.md   # ZTA/NIST 800-207/Microsegmentation\n│           ├── ai-ml-security.md            # AI/ML/LLM Security/MITRE ATLAS\n│           ├── api-security.md              # OWASP API Top 10/JWT/OAuth/Gateway\n│           ├── vulnerability-management.md  # CVSS/EPSS/KEV/Patch Management\n│           ├── threat-intelligence.md       # STIX/TAXII/IOC/TLP/MISP/OpenCTI\n│           ├── cross-domain-integration.md  # End-to-end workflows/orchestration\n│           ├── security-governance-executive.md # CISO/CAIO/CAISO/Board/Maturity\n│           └── ot-ics-security.md          # OT/ICS/SCADA/Purdue/IEC 62443\n├── frameworks.json                # Framework version manifest (54 entries)\n├── docs/\n│   ├── INSTALL.md                # Installation guide\n│   ├── TROUBLESHOOTING.md        # Troubleshooting guide\n│   └── FRAMEWORK-UPDATE-RUNBOOK.md # Framework update procedures\n├── tests/\n│   ├── validate-plugin.sh        # Structural validation (61+ checks)\n│   └── check-framework-updates.sh # Ad-hoc framework staleness checker\n├── .github/\n│   └── workflows/\n│       ├── validate.yml          # CI on push/PR\n│       └── framework-review.yml  # Quarterly framework review\n├── CHANGELOG.md                  # Version history\n├── CLAUDE.md              
       # Claude Code guidance\n└── README.md                     # This file\n```\n\n---\n\n## Plugin Details\n\n| Field           | Value                                     |\n| --------------- | ----------------------------------------- |\n| **Plugin name** | `cybersecurity-pro`                       |\n| **Marketplace** | `pitimon-cybersecurity`                   |\n| **Install key** | `cybersecurity-pro@pitimon-cybersecurity` |\n| **Version**     | 3.6.1                                     |\n| **Category**    | Security                                  |\n| **Author**      | P.Itarun                                  |\n| **Language**    | Bilingual Thai + English                  |\n| **Domains**     | 18                                        |\n\n---\n\n## Contributing\n\n1. Fork repository\n2. Create a feature branch (`git checkout -b feat/new-domain`)\n3. Commit changes (`git commit -m \"feat: add new-domain reference\"`)\n4. Push branch (`git push origin feat/new-domain`)\n5. Open a Pull Request\n\n### Adding a New Domain\n\n1. Create the file `skills/cybersecurity-pro/references/\u003cdomain-name\u003e.md`\n2. Update `SKILL.md`: add the domain entry + trigger keywords + decision tree branch\n3. Update `README.md`: add it to the capabilities table\n4. Update `CLAUDE.md`: add it to the domain table\n5. Add an entry to `CHANGELOG.md`\n6. 
If the domain has new versioned frameworks, add entries to `frameworks.json` with grep patterns and used_in file lists\n\n---\n\n## Troubleshooting\n\n| Problem                                   | Fix                                                                |\n| ----------------------------------------- | ------------------------------------------------------------------ |\n| `claude doctor` shows \"Invalid input\"     | Check that `source` in `known_marketplaces.json` is `\"github\"`     |\n| Plugin does not appear after installation | Check that the marketplace name matches across the 3 config files  |\n| Skill does not trigger                    | Restart the session (`/clear`), then use trigger keywords          |\n\n\u003e See the full troubleshooting guide: [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)\n\n---\n\n## Related Plugins\n\n| Plugin                                                            | Description                                                                                                                                                                                                                                       | Install                                                 |\n| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- |\n| **[shannon-pentest](https://github.com/pitimon/shannon-pentest)** | Autonomous penetration testing orchestrator — configure targets, launch Docker-based multi-agent scans, monitor Temporal workflows, and analyze security findings. 
Use together with cybersecurity-pro for remediation guidance after vulnerabilities are found | `claude plugin install shannon-pentest@pitimon-shannon` |\n\n\u003e **Complementary workflow**: Shannon finds vulnerabilities (offensive) → cybersecurity-pro creates remediation plans, IR playbooks, and compliance mapping (defensive)\n\n---\n\n## Links\n\n- [Installation Guide](docs/INSTALL.md)\n- [Troubleshooting Guide](docs/TROUBLESHOOTING.md)\n- [Changelog](CHANGELOG.md)\n- [GitHub Issues](https://github.com/pitimon/claude-cybersecurity-skill/issues)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpitimon%2Fclaude-cybersecurity-skill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpitimon%2Fclaude-cybersecurity-skill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpitimon%2Fclaude-cybersecurity-skill/lists"}