ワンクリックで
llm_rules_tk
llm_rules_tk には cwrricio から収集した 21 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。
このリポジトリの skills
Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to execute the selected attack container on the attacker host and interpret the result.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
Rule-generation refinement playbook for MQTT LWT Abuse — abuse of MQTT Last Will and Testament to publish malicious payloads under the broker's trusted identity. Load when the operator intent maps to attack_id mqtt-lwt-abuse.
Rule-generation refinement playbook for MQTT Publisher Flood — PUBLISH flood saturating broker memory, bandwidth, and subscriber processing pipelines. Load when the operator intent maps to attack_id mqtt-publisher-flood.
Rule-generation refinement playbook for MQTT QoS Amplification — memory amplification by leaving QoS 2 handshakes incomplete (PUBLISH/PUBREC, no PUBREL). Load when the operator intent maps to attack_id mqtt-qos-amplification.
Rule-generation refinement playbook for XRCE-DDS Entity Flood — exhaustion of the XRCE-DDS Agent object tables by creating thousands of Participant/Topic/Publisher/DataWriter entities. Load when the operator intent maps to attack_id xrce-dds-entity-flood.
Rule-generation refinement playbook for XRCE-DDS Fragment Abuse — abuse of RTPS DATA_FRAG reassembly with incomplete, overlapping or flood fragments. Load when the operator intent maps to attack_id xrce-dds-fragment-abuse.
Rule-generation refinement playbook for XRCE-DDS Malformed Inject — injection of malformed XCDR payloads into an established session targeting the Micro CDR deserializer. Load when the operator intent maps to attack_id xrce-dds-malformed-inject.
Rule-generation refinement playbook for XRCE-DDS Session Hijack — brute force of hardcoded XRCE client_key values to hijack legitimate sessions. Load when the operator intent maps to attack_id xrce-dds-session-hijack.
Rule-generation refinement playbook for XRCE-DDS Time Desync — desynchronization of the client/agent clock via manipulated time_offset, corrupting sensor timestamps. Load when the operator intent maps to attack_id xrce-dds-time-desync.
Rule-generation refinement playbook for XRCE-DDS UDP DoS — UDP flood targeting the XRCE-DDS Agent on port 8888 using uxr_ping_agent_attempts(). Load when the operator intent maps to attack_id xrce-dds-udp-dos.
How to check the IDS alert log after an attack and decide whether the rule converged or needs refinement.
How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).
How to assign a SID and deploy a validated Snort rule to the live IDS via the assign_sid and deploy_rule tools.
How to validate a candidate Snort rule against the live IDS before deployment, interpret the result, and recover from syntax errors.
Hard rule about fixed attack destinations (IP and port). Read this before generating rules or planning attacks.
The shared protocol for one variant cycle in a Rules Farmer experiment. Read this before starting any cycle.