capta1n commited on
Commit
125738b
·
verified ·
1 Parent(s): bb9dcf8

Add 2 files

Files changed (2) hide show
  1. README.md +7 -5
  2. index.html +957 -19
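--- a/README.md
+++ b/README.md
@@ -1,10 +1,12 @@
 ---
-title: Bas2 0
-emoji: 🌍
-colorFrom: gray
-colorTo: indigo
+title: bas2-0
+emoji: 🐳
+colorFrom: yellow
+colorTo: gray
 sdk: static
 pinned: false
+tags:
+- deepsite
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference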
index.html CHANGED
@@ -1,19 +1,957 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <meta charset="utf-8" />
5
- <meta name="viewport" content="width=device-width" />
6
- <title>My static Space</title>
7
- <link rel="stylesheet" href="style.css" />
8
- </head>
9
- <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
19
- </html>
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>Cyber Attack Simulation</title>
7
+ <script src="https://cdn.tailwindcss.com"></script>
8
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
9
+ <style>
10
+ @keyframes pulse {
11
+ 0%, 100% { opacity: 1; }
12
+ 50% { opacity: 0.5; }
13
+ }
14
+ @keyframes slideIn {
15
+ from { transform: translateX(-50px); opacity: 0; }
16
+ to { transform: translateX(0); opacity: 1; }
17
+ }
18
+ @keyframes highlight {
19
+ 0% { background-color: transparent; }
20
+ 50% { background-color: rgba(239, 68, 68, 0.3); }
21
+ 100% { background-color: transparent; }
22
+ }
23
+ .attack-path {
24
+ stroke-dasharray: 1000;
25
+ stroke-dashoffset: 1000;
26
+ animation: dash 3s linear forwards;
27
+ }
28
+ @keyframes dash {
29
+ to { stroke-dashoffset: 0; }
30
+ }
31
+ .phase-container {
32
+ transition: all 0.3s ease;
33
+ }
34
+ .phase-container:hover {
35
+ transform: scale(1.02);
36
+ box-shadow: 0 10px 25px -5px rgba(0, 0, 0, 0.1);
37
+ }
38
+ .malware-pulse {
39
+ animation: pulse 2s infinite;
40
+ }
41
+ .slide-in {
42
+ animation: slideIn 0.5s ease-out forwards;
43
+ }
44
+ .highlight-step {
45
+ animation: highlight 1.5s ease-in-out;
46
+ }
47
+ </style>
48
+ </head>
49
+ <body class="bg-gray-100 font-sans">
50
+ <div class="container mx-auto px-4 py-8">
51
+ <div class="text-center mb-12">
52
+ <h1 class="text-4xl font-bold text-gray-800 mb-2">Advanced Persistent Threat Simulation</h1>
53
+ <p class="text-xl text-gray-600">Visualizing the attack lifecycle from phishing to data exfiltration</p>
54
+ </div>
55
+
56
+ <!-- Attack Flow Visualization -->
57
+ <div class="relative mb-16">
58
+ <div class="flex justify-between items-center mb-8">
59
+ <div class="w-1/2 text-right pr-4">
60
+ <div class="inline-block bg-red-500 text-white px-4 py-2 rounded-lg shadow-lg">
61
+ <i class="fas fa-user-secret mr-2"></i> Attacker
62
+ </div>
63
+ </div>
64
+ <div class="w-1/2 pl-4">
65
+ <div class="inline-block bg-blue-500 text-white px-4 py-2 rounded-lg shadow-lg">
66
+ <i class="fas fa-user mr-2"></i> Victim
67
+ </div>
68
+ </div>
69
+ </div>
70
+
71
+ <!-- SVG Connectors -->
72
+ <svg class="absolute top-0 left-0 w-full h-full" style="z-index: -1;">
73
+ <path id="attack-path" class="attack-path" stroke="#6B7280" stroke-width="2" fill="none"
74
+ d="M20,100 Q250,100 250,200 Q250,300 480,300" />
75
+ <path id="response-path" class="attack-path" stroke="#6B7280" stroke-width="2" fill="none"
76
+ d="M480,300 Q250,300 250,400 Q250,500 20,500" />
77
+ </svg>
78
+
79
+ <!-- Attack Phases -->
80
+ <div class="space-y-20">
81
+ <!-- Phase 1 -->
82
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in">
83
+ <div class="flex flex-col md:flex-row">
84
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
85
+ <div class="flex items-center mb-4">
86
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
87
+ <span class="font-bold">1</span>
88
+ </div>
89
+ <h3 class="text-xl font-semibold text-gray-800">Phase 1: Crafting Phishing Email</h3>
90
+ </div>
91
+ <div class="ml-14">
92
+ <div class="mb-3 flex items-start">
93
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
94
+ <p>Email subject: "Urgent Notice: Abnormal Login Alert on Your Alibaba Cloud Account"</p>
95
+ </div>
96
+ <div class="mb-3 flex items-start">
97
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
98
+ <p>Mimics official Alibaba Cloud template requesting "immediate account verification"</p>
99
+ </div>
100
+ <div class="mb-3 flex items-start">
101
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
102
+ <p>Attachment: Disguised as PDF/Word document</p>
103
+ </div>
104
+ <div class="mb-3 flex items-start">
105
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
106
+ <p>Link: Points to phishing site with typo-squatted domain</p>
107
+ </div>
108
+ </div>
109
+ </div>
110
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
111
+ <div class="flex items-center mb-4">
112
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
113
+ <span class="font-bold">1</span>
114
+ </div>
115
+ <h3 class="text-xl font-semibold text-gray-800">Victim Action</h3>
116
+ </div>
117
+ <div class="ml-14">
118
+ <div class="mb-3 flex items-start">
119
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
120
+ <p>Opens the email and views contents</p>
121
+ </div>
122
+ <div class="mb-3 flex items-start">
123
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
124
+ <p>Clicks link or downloads attachment</p>
125
+ </div>
126
+ <div class="mb-3 flex items-start">
127
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
128
+ <p>Triggers malicious payload execution</p>
129
+ </div>
130
+ </div>
131
+ </div>
132
+ </div>
133
+ </div>
134
+
135
+ <!-- Phase 2 -->
136
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in" style="animation-delay: 0.2s;">
137
+ <div class="flex flex-col md:flex-row">
138
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
139
+ <div class="flex items-center mb-4">
140
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
141
+ <span class="font-bold">2</span>
142
+ </div>
143
+ <h3 class="text-xl font-semibold text-gray-800">Phase 2: Malicious Payload Execution</h3>
144
+ </div>
145
+ <div class="ml-14">
146
+ <div class="mb-3 flex items-start">
147
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
148
+ <p>Malicious document downloads and executes code</p>
149
+ </div>
150
+ <div class="mb-3 flex items-start">
151
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
152
+ <p>Phishing site steals user credentials</p>
153
+ </div>
154
+ <div class="mb-3 flex items-start">
155
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
156
+ <p>Establishes communication channel with attacker</p>
157
+ </div>
158
+ </div>
159
+ </div>
160
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
161
+ <div class="flex items-center mb-4">
162
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
163
+ <span class="font-bold">2</span>
164
+ </div>
165
+ <h3 class="text-xl font-semibold text-gray-800">System Compromise</h3>
166
+ </div>
167
+ <div class="ml-14">
168
+ <div class="mb-3 flex items-start">
169
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
170
+ <p>PC executes malicious code</p>
171
+ </div>
172
+ <div class="mb-3 flex items-start">
173
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
174
+ <p>Attacker gains control of system</p>
175
+ </div>
176
+ <div class="relative mt-6 h-20">
177
+ <div class="absolute malware-pulse bg-red-500 text-white px-3 py-1 rounded-full text-sm">
178
+ <i class="fas fa-bug mr-1"></i> Malware Active
179
+ </div>
180
+ </div>
181
+ </div>
182
+ </div>
183
+ </div>
184
+ </div>
185
+
186
+ <!-- Phase 3 -->
187
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in" style="animation-delay: 0.4s;">
188
+ <div class="flex flex-col md:flex-row">
189
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
190
+ <div class="flex items-center mb-4">
191
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
192
+ <span class="font-bold">3</span>
193
+ </div>
194
+ <h3 class="text-xl font-semibold text-gray-800">Phase 3: C2 Implantation</h3>
195
+ </div>
196
+ <div class="ml-14">
197
+ <div class="mb-3 flex items-start">
198
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
199
+ <p>Deploys backdoor program</p>
200
+ </div>
201
+ <div class="mb-3 flex items-start">
202
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
203
+ <p>Configures persistence mechanisms</p>
204
+ </div>
205
+ <div class="mb-3 flex items-start">
206
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
207
+ <p>Sets up reverse proxy to disguise communication</p>
208
+ </div>
209
+ </div>
210
+ </div>
211
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
212
+ <div class="flex items-center mb-4">
213
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
214
+ <span class="font-bold">3</span>
215
+ </div>
216
+ <h3 class="text-xl font-semibold text-gray-800">System Persistence</h3>
217
+ </div>
218
+ <div class="ml-14">
219
+ <div class="mb-3 flex items-start">
220
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
221
+ <p>Backdoor program remains active</p>
222
+ </div>
223
+ <div class="mb-3 flex items-start">
224
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
225
+ <p>Attacker maintains continuous control</p>
226
+ </div>
227
+ <div class="relative mt-6">
228
+ <div class="flex space-x-2">
229
+ <div class="bg-red-100 text-red-800 px-3 py-1 rounded-full text-sm">
230
+ <i class="fas fa-server mr-1"></i> C2 Active
231
+ </div>
232
+ <div class="bg-purple-100 text-purple-800 px-3 py-1 rounded-full text-sm">
233
+ <i class="fas fa-sync-alt mr-1"></i> Beaconing
234
+ </div>
235
+ </div>
236
+ </div>
237
+ </div>
238
+ </div>
239
+ </div>
240
+ </div>
241
+
242
+ <!-- Phase 4 -->
243
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in" style="animation-delay: 0.6s;">
244
+ <div class="flex flex-col md:flex-row">
245
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
246
+ <div class="flex items-center mb-4">
247
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
248
+ <span class="font-bold">4</span>
249
+ </div>
250
+ <h3 class="text-xl font-semibold text-gray-800">Phase 4: Credential Theft</h3>
251
+ </div>
252
+ <div class="ml-14">
253
+ <div class="mb-3 flex items-start">
254
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
255
+ <p>Steals browser cookies and saved passwords</p>
256
+ </div>
257
+ <div class="mb-3 flex items-start">
258
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
259
+ <p>Searches for and exfiltrates SSH keys</p>
260
+ </div>
261
+ <div class="mb-3 flex items-start">
262
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
263
+ <p>Prepares credentials for lateral movement</p>
264
+ </div>
265
+ </div>
266
+ </div>
267
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
268
+ <div class="flex items-center mb-4">
269
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
270
+ <span class="font-bold">4</span>
271
+ </div>
272
+ <h3 class="text-xl font-semibold text-gray-800">Data Compromise</h3>
273
+ </div>
274
+ <div class="ml-14">
275
+ <div class="mb-3 flex items-start">
276
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
277
+ <p>Browser cookies stolen</p>
278
+ </div>
279
+ <div class="mb-3 flex items-start">
280
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
281
+ <p>SSH keys compromised</p>
282
+ </div>
283
+ <div class="mb-3 flex items-start">
284
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
285
+ <p>Attacker prepares for network penetration</p>
286
+ </div>
287
+ <div class="relative mt-6">
288
+ <div class="bg-yellow-100 text-yellow-800 px-3 py-1 rounded-full text-sm inline-block">
289
+ <i class="fas fa-key mr-1"></i> Credentials Stolen
290
+ </div>
291
+ </div>
292
+ </div>
293
+ </div>
294
+ </div>
295
+ </div>
296
+
297
+ <!-- Phase 5 -->
298
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in" style="animation-delay: 0.8s;">
299
+ <div class="flex flex-col md:flex-row">
300
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
301
+ <div class="flex items-center mb-4">
302
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
303
+ <span class="font-bold">5</span>
304
+ </div>
305
+ <h3 class="text-xl font-semibold text-gray-800">Phase 5: Browser Proxy Pivoting</h3>
306
+ </div>
307
+ <div class="ml-14">
308
+ <div class="mb-3 flex items-start">
309
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
310
+ <p>Routes victim's browser traffic to attacker server</p>
311
+ </div>
312
+ <div class="mb-3 flex items-start">
313
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
314
+ <p>Accesses internal applications:</p>
315
+ </div>
316
+ <div class="ml-6 mb-3">
317
+ <div class="flex items-start">
318
+ <div class="bg-red-300 rounded-full w-3 h-3 mt-1 mr-3 flex-shrink-0"></div>
319
+ <p>SSH management platforms</p>
320
+ </div>
321
+ <div class="flex items-start">
322
+ <div class="bg-red-300 rounded-full w-3 h-3 mt-1 mr-3 flex-shrink-0"></div>
323
+ <p>Internal document systems</p>
324
+ </div>
325
+ </div>
326
+ <div class="mb-3 flex items-start">
327
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
328
+ <p>Captures sensitive information in real-time</p>
329
+ </div>
330
+ </div>
331
+ </div>
332
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
333
+ <div class="flex items-center mb-4">
334
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
335
+ <span class="font-bold">5</span>
336
+ </div>
337
+ <h3 class="text-xl font-semibold text-gray-800">Network Penetration</h3>
338
+ </div>
339
+ <div class="ml-14">
340
+ <div class="mb-3 flex items-start">
341
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
342
+ <p>Attacker masquerades as legitimate user</p>
343
+ </div>
344
+ <div class="mb-3 flex items-start">
345
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
346
+ <p>Sensitive data captured in real-time</p>
347
+ </div>
348
+ <div class="mb-3 flex items-start">
349
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
350
+ <p>Internal network access achieved</p>
351
+ </div>
352
+ <div class="relative mt-6">
353
+ <div class="flex space-x-2">
354
+ <div class="bg-green-100 text-green-800 px-3 py-1 rounded-full text-sm">
355
+ <i class="fas fa-network-wired mr-1"></i> Internal Access
356
+ </div>
357
+ <div class="bg-indigo-100 text-indigo-800 px-3 py-1 rounded-full text-sm">
358
+ <i class="fas fa-exchange-alt mr-1"></i> Traffic Proxied
359
+ </div>
360
+ </div>
361
+ </div>
362
+ </div>
363
+ </div>
364
+ </div>
365
+ </div>
366
+
367
+ <!-- Phase 6 -->
368
+ <div class="phase-container bg-white rounded-xl shadow-md overflow-hidden slide-in" style="animation-delay: 1s;">
369
+ <div class="flex flex-col md:flex-row">
370
+ <div class="w-full md:w-1/2 p-6 order-2 md:order-1">
371
+ <div class="flex items-center mb-4">
372
+ <div class="bg-red-100 text-red-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
373
+ <span class="font-bold">6</span>
374
+ </div>
375
+ <h3 class="text-xl font-semibold text-gray-800">Phase 6: Lateral Movement & Data Exfiltration</h3>
376
+ </div>
377
+ <div class="ml-14">
378
+ <div class="mb-3 flex items-start">
379
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
380
+ <p>Uses stolen SSH credentials to access servers</p>
381
+ </div>
382
+ <div class="mb-3 flex items-start">
383
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
384
+ <p>Scans internal network for additional targets</p>
385
+ </div>
386
+ <div class="mb-3 flex items-start">
387
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
388
+ <p>Attempts privilege escalation</p>
389
+ </div>
390
+ <div class="mb-3 flex items-start">
391
+ <div class="bg-red-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
392
+ <p>Steals and exfiltrates sensitive data</p>
393
+ </div>
394
+ </div>
395
+ </div>
396
+ <div class="w-full md:w-1/2 bg-gray-50 p-6 order-1 md:order-2">
397
+ <div class="flex items-center mb-4">
398
+ <div class="bg-blue-100 text-blue-800 rounded-full w-10 h-10 flex items-center justify-center mr-4">
399
+ <span class="font-bold">6</span>
400
+ </div>
401
+ <h3 class="text-xl font-semibold text-gray-800">Full Network Compromise</h3>
402
+ </div>
403
+ <div class="ml-14">
404
+ <div class="mb-3 flex items-start">
405
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
406
+ <p>Servers under attacker control</p>
407
+ </div>
408
+ <div class="mb-3 flex items-start">
409
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
410
+ <p>Sensitive data stolen</p>
411
+ </div>
412
+ <div class="mb-3 flex items-start">
413
+ <div class="bg-blue-500 rounded-full w-4 h-4 mt-1 mr-3 flex-shrink-0"></div>
414
+ <p>Attacker maintains persistent access</p>
415
+ </div>
416
+ <div class="relative mt-6">
417
+ <div class="bg-red-100 text-red-800 px-3 py-1 rounded-full text-sm inline-block">
418
+ <i class="fas fa-exclamation-triangle mr-1"></i> Breach Complete
419
+ </div>
420
+ </div>
421
+ </div>
422
+ </div>
423
+ </div>
424
+ </div>
425
+ </div>
426
+ </div>
427
+
428
+ <!-- Summary Timeline -->
429
+ <div class="bg-white rounded-xl shadow-md p-6 mb-12">
430
+ <h2 class="text-2xl font-bold text-gray-800 mb-6 text-center">Attack Lifecycle Timeline</h2>
431
+ <div class="relative">
432
+ <!-- Timeline line -->
433
+ <div class="absolute left-1/2 h-full w-1 bg-gray-200 transform -translate-x-1/2"></div>
434
+
435
+ <!-- Timeline items -->
436
+ <div class="space-y-8">
437
+ <!-- Phase 1 -->
438
+ <div class="relative timeline-item">
439
+ <div class="flex items-center">
440
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
441
+ <div class="w-1/2 pr-12 text-right">
442
+ <h3 class="font-semibold text-gray-800">Phase 1: Phishing Email</h3>
443
+ <p class="text-sm text-gray-600">Attacker crafts convincing phishing email</p>
444
+ </div>
445
+ <div class="w-1/2 pl-12">
446
+ <h3 class="font-semibold text-gray-800">Victim Action</h3>
447
+ <p class="text-sm text-gray-600">Opens email and interacts with content</p>
448
+ </div>
449
+ </div>
450
+ </div>
451
+
452
+ <!-- Phase 2 -->
453
+ <div class="relative timeline-item">
454
+ <div class="flex items-center">
455
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
456
+ <div class="w-1/2 pr-12 text-right">
457
+ <h3 class="font-semibold text-gray-800">Phase 2: Payload Execution</h3>
458
+ <p class="text-sm text-gray-600">Malicious code executes on victim system</p>
459
+ </div>
460
+ <div class="w-1/2 pl-12">
461
+ <h3 class="font-semibold text-gray-800">System Compromise</h3>
462
+ <p class="text-sm text-gray-600">Attacker gains initial foothold</p>
463
+ </div>
464
+ </div>
465
+ </div>
466
+
467
+ <!-- Phase 3 -->
468
+ <div class="relative timeline-item">
469
+ <div class="flex items-center">
470
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
471
+ <div class="w-1/2 pr-12 text-right">
472
+ <h3 class="font-semibold text-gray-800">Phase 3: C2 Implantation</h3>
473
+ <p class="text-sm text-gray-600">Backdoor installed for persistent access</p>
474
+ </div>
475
+ <div class="w-1/2 pl-12">
476
+ <h3 class="font-semibold text-gray-800">Persistence</h3>
477
+ <p class="text-sm text-gray-600">Continuous attacker control established</p>
478
+ </div>
479
+ </div>
480
+ </div>
481
+
482
+ <!-- Phase 4 -->
483
+ <div class="relative timeline-item">
484
+ <div class="flex items-center">
485
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
486
+ <div class="w-1/2 pr-12 text-right">
487
+ <h3 class="font-semibold text-gray-800">Phase 4: Credential Theft</h3>
488
+ <p class="text-sm text-gray-600">Cookies, SSH keys, and passwords stolen</p>
489
+ </div>
490
+ <div class="w-1/2 pl-12">
491
+ <h3 class="font-semibold text-gray-800">Data Compromise</h3>
492
+ <p class="text-sm text-gray-600">Credentials available for lateral movement</p>
493
+ </div>
494
+ </div>
495
+ </div>
496
+
497
+ <!-- Phase 5 -->
498
+ <div class="relative timeline-item">
499
+ <div class="flex items-center">
500
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
501
+ <div class="w-1/2 pr-12 text-right">
502
+ <h3 class="font-semibold text-gray-800">Phase 5: Browser Pivoting</h3>
503
+ <p class="text-sm text-gray-600">Internal network accessed via proxy</p>
504
+ </div>
505
+ <div class="w-1/2 pl-12">
506
+ <h3 class="font-semibold text-gray-800">Network Penetration</h3>
507
+ <p class="text-sm text-gray-600">Internal applications compromised</p>
508
+ </div>
509
+ </div>
510
+ </div>
511
+
512
+ <!-- Phase 6 -->
513
+ <div class="relative timeline-item">
514
+ <div class="flex items-center">
515
+ <div class="absolute left-1/2 -ml-3 w-6 h-6 bg-red-500 rounded-full border-4 border-white transform -translate-x-1/2"></div>
516
+ <div class="w-1/2 pr-12 text-right">
517
+ <h3 class="font-semibold text-gray-800">Phase 6: Lateral Movement</h3>
518
+ <p class="text-sm text-gray-600">Servers accessed, data exfiltrated</p>
519
+ </div>
520
+ <div class="w-1/2 pl-12">
521
+ <h3 class="font-semibold text-gray-800">Full Breach</h3>
522
+ <p class="text-sm text-gray-600">Network fully compromised</p>
523
+ </div>
524
+ </div>
525
+ </div>
526
+ </div>
527
+ </div>
528
+ </div>
529
+
530
+ <!-- Interactive Simulation -->
531
+ <div class="bg-white rounded-xl shadow-md p-6">
532
+ <h2 class="text-2xl font-bold text-gray-800 mb-6 text-center">Interactive Attack Simulation</h2>
533
+
534
+ <div class="grid grid-cols-1 md:grid-cols-6 gap-4 mb-8">
535
+ <button onclick="simulatePhase(1)" class="phase-btn bg-red-100 hover:bg-red-200 text-red-800 py-2 px-4 rounded-lg transition-all">
536
+ <i class="fas fa-envelope mr-2"></i> Phase 1
537
+ </button>
538
+ <button onclick="simulatePhase(2)" class="phase-btn bg-orange-100 hover:bg-orange-200 text-orange-800 py-2 px-4 rounded-lg transition-all">
539
+ <i class="fas fa-code mr-2"></i> Phase 2
540
+ </button>
541
+ <button onclick="simulatePhase(3)" class="phase-btn bg-yellow-100 hover:bg-yellow-200 text-yellow-800 py-2 px-4 rounded-lg transition-all">
542
+ <i class="fas fa-server mr-2"></i> Phase 3
543
+ </button>
544
+ <button onclick="simulatePhase(4)" class="phase-btn bg-green-100 hover:bg-green-200 text-green-800 py-2 px-4 rounded-lg transition-all">
545
+ <i class="fas fa-key mr-2"></i> Phase 4
546
+ </button>
547
+ <button onclick="simulatePhase(5)" class="phase-btn bg-blue-100 hover:bg-blue-200 text-blue-800 py-2 px-4 rounded-lg transition-all">
548
+ <i class="fas fa-globe mr-2"></i> Phase 5
549
+ </button>
550
+ <button onclick="simulatePhase(6)" class="phase-btn bg-purple-100 hover:bg-purple-200 text-purple-800 py-2 px-4 rounded-lg transition-all">
551
+ <i class="fas fa-network-wired mr-2"></i> Phase 6
552
+ </button>
553
+ </div>
554
+
555
+ <div id="simulation-area" class="border-2 border-gray-200 rounded-lg p-6 min-h-64 bg-gray-50">
556
+ <div class="text-center text-gray-500 py-10">
557
+ <i class="fas fa-mouse-pointer fa-2x mb-2"></i>
558
+ <p>Click on any phase button to simulate that attack stage</p>
559
+ </div>
560
+ </div>
561
+ </div>
562
+ </div>
563
+
564
+ <script>
565
+ // Highlight attack steps as they appear
566
+ document.addEventListener('DOMContentLoaded', function() {
567
+ const steps = document.querySelectorAll('.phase-container');
568
+ steps.forEach((step, index) => {
569
+ setTimeout(() => {
570
+ step.classList.add('highlight-step');
571
+ }, index * 300 + 500);
572
+ });
573
+ });
574
+
575
+ // Interactive simulation
576
+ function simulatePhase(phaseNum) {
577
+ const simulationArea = document.getElementById('simulation-area');
578
+ const phaseBtns = document.querySelectorAll('.phase-btn');
579
+
580
+ // Reset all buttons
581
+ phaseBtns.forEach(btn => {
582
+ btn.classList.remove('ring-2', 'ring-offset-2');
583
+ });
584
+
585
+ // Highlight current button
586
+ phaseBtns[phaseNum-1].classList.add('ring-2', 'ring-offset-2', 'ring-current');
587
+
588
+ // Show appropriate simulation
589
+ let content = '';
590
+ switch(phaseNum) {
591
+ case 1:
592
+ content = `
593
+ <div class="max-w-md mx-auto bg-white p-6 rounded-lg shadow">
594
+ <div class="flex items-center mb-4">
595
+ <img src="https://img.icons8.com/color/48/000000/gmail.png" class="w-10 h-10 mr-3"/>
596
+ <div>
597
+ <h3 class="font-bold text-gray-800">Urgent Notice: Abnormal Login Alert</h3>
598
+ <p class="text-sm text-gray-600">security@alibabacloud-support.com</p>
599
+ </div>
600
+ </div>
601
+ <div class="border-t pt-4">
602
+ <p class="mb-4">Dear Customer,</p>
603
+ <p class="mb-4">We detected unusual login activity on your Alibaba Cloud account from a new device in Singapore.</p>
604
+ <p class="mb-4">For your security, please verify your account immediately by clicking below:</p>
605
+ <a href="#" class="inline-block bg-blue-500 text-white px-4 py-2 rounded mb-4">Verify Account Now</a>
606
+ <p class="text-sm text-gray-500">Or download and review the attached document for details.</p>
607
+ <div class="mt-6 p-3 bg-gray-100 rounded text-sm text-gray-700">
608
+ <i class="fas fa-paperclip mr-2"></i> Account_Security_Notice.pdf (1.2MB)
609
+ </div>
610
+ </div>
611
+ <div class="mt-6 text-xs text-red-500">
612
+ <i class="fas fa-exclamation-triangle mr-1"></i> Warning: This is a simulated phishing email. The sender address contains subtle typos.
613
+ </div>
614
+ </div>
615
+ `;
616
+ break;
617
+ case 2:
618
+ content = `
619
+ <div class="max-w-md mx-auto">
620
+ <div class="bg-white p-6 rounded-lg shadow mb-4">
621
+ <div class="flex items-center mb-3">
622
+ <div class="bg-red-500 text-white p-2 rounded-full mr-3">
623
+ <i class="fas fa-file-pdf"></i>
624
+ </div>
625
+ <div>
626
+ <h3 class="font-bold text-gray-800">Account_Security_Notice.pdf</h3>
627
+ <p class="text-sm text-gray-600">1.2MB • Contains macros</p>
628
+ </div>
629
+ </div>
630
+ <div class="bg-yellow-50 border-l-4 border-yellow-400 p-4 mb-4">
631
+ <div class="flex">
632
+ <div class="flex-shrink-0">
633
+ <i class="fas fa-exclamation-triangle text-yellow-400"></i>
634
+ </div>
635
+ <div class="ml-3">
636
+ <p class="text-sm text-yellow-700">
637
+ This document contains macros that may harm your computer. Are you sure you want to enable content?
638
+ </p>
639
+ </div>
640
+ </div>
641
+ </div>
642
+ <div class="flex justify-between">
643
+ <button class="bg-green-500 hover:bg-green-600 text-white px-4 py-2 rounded">
644
+ Enable Content
645
+ </button>
646
+ <button class="bg-gray-200 hover:bg-gray-300 text-gray-800 px-4 py-2 rounded">
647
+ Keep Disabled
648
+ </button>
649
+ </div>
650
+ </div>
651
+ <div class="text-center text-sm text-gray-500">
652
+ <i class="fas fa-arrow-down mr-1"></i> After enabling content...
653
+ </div>
654
+ <div class="bg-red-50 p-4 rounded-lg shadow mt-2 border-l-4 border-red-500">
655
+ <div class="flex">
656
+ <div class="flex-shrink-0">
657
+ <i class="fas fa-bug text-red-500"></i>
658
+ </div>
659
+ <div class="ml-3">
660
+ <h3 class="text-sm font-medium text-red-800">Malicious Payload Executed</h3>
661
+ <div class="mt-2 text-sm text-red-700">
662
+ <p>• PowerShell script downloaded from malicious server</p>
663
+ <p>• Reverse shell connection established</p>
664
+ <p>• Attacker now has command line access</p>
665
+ </div>
666
+ </div>
667
+ </div>
668
+ </div>
669
+ </div>
670
+ `;
671
+ break;
672
+ case 3:
673
+ content = `
674
+ <div class="max-w-md mx-auto bg-white p-6 rounded-lg shadow">
675
+ <h3 class="font-bold text-gray-800 mb-4">Command & Control Infrastructure</h3>
676
+ <div class="space-y-4">
677
+ <div class="flex items-start">
678
+ <div class="bg-red-100 text-red-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
679
+ <i class="fas fa-download"></i>
680
+ </div>
681
+ <div>
682
+ <h4 class="font-semibold text-gray-800">Backdoor Installation</h4>
683
+ <p class="text-sm text-gray-600">Persistent malware dropped in %AppData%</p>
684
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
685
+ C:\Users\[User]\AppData\Roaming\svchost.exe
686
+ </div>
687
+ </div>
688
+ </div>
689
+ <div class="flex items-start">
690
+ <div class="bg-purple-100 text-purple-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
691
+ <i class="fas fa-user-shield"></i>
692
+ </div>
693
+ <div>
694
+ <h4 class="font-semibold text-gray-800">Persistence Mechanism</h4>
695
+ <p class="text-sm text-gray-600">Registry key created for auto-start</p>
696
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
697
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
698
+ </div>
699
+ </div>
700
+ </div>
701
+ <div class="flex items-start">
702
+ <div class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
703
+ <i class="fas fa-exchange-alt"></i>
704
+ </div>
705
+ <div>
706
+ <h4 class="font-semibold text-gray-800">C2 Communication</h4>
707
+ <p class="text-sm text-gray-600">Beaconing to attacker server every 5 minutes</p>
708
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
709
+ HTTPS traffic to: api.cloudservice[.]support:443
710
+ </div>
711
+ </div>
712
+ </div>
713
+ </div>
714
+ <div class="mt-6 p-3 bg-red-50 rounded-lg border border-red-200">
715
+ <div class="flex items-center">
716
+ <div class="bg-red-500 text-white rounded-full w-6 h-6 flex items-center justify-center mr-2">
717
+ <i class="fas fa-shield-alt text-xs"></i>
718
+ </div>
719
+ <h4 class="font-semibold text-red-800">Security Alert</h4>
720
+ </div>
721
+ <p class="text-sm text-red-700 mt-2">
722
+ The malware is using TLS encryption and domain fronting to evade detection by network security tools.
723
+ </p>
724
+ </div>
725
+ </div>
726
+ `;
727
+ break;
728
+ case 4:
729
+ content = `
730
+ <div class="max-w-md mx-auto bg-white p-6 rounded-lg shadow">
731
+ <h3 class="font-bold text-gray-800 mb-4">Credential Harvesting Process</h3>
732
+ <div class="space-y-4">
733
+ <div class="flex items-start">
734
+ <div class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
735
+ <i class="fas fa-cookie-bite"></i>
736
+ </div>
737
+ <div>
738
+ <h4 class="font-semibold text-gray-800">Browser Cookies</h4>
739
+ <p class="text-sm text-gray-600">Session cookies stolen from:</p>
740
+ <div class="flex flex-wrap gap-1 mt-1">
741
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">mail.company.com</span>
742
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">vpn.corp.net</span>
743
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">admin.portal</span>
744
+ </div>
745
+ </div>
746
+ </div>
747
+ <div class="flex items-start">
748
+ <div class="bg-green-100 text-green-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
749
+ <i class="fas fa-key"></i>
750
+ </div>
751
+ <div>
752
+ <h4 class="font-semibold text-gray-800">SSH Keys</h4>
753
+ <p class="text-sm text-gray-600">Private keys discovered in:</p>
754
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
755
+ ~/.ssh/id_rsa<br>
756
+ ~/.ssh/config
757
+ </div>
758
+ </div>
759
+ </div>
760
+ <div class="flex items-start">
761
+ <div class="bg-purple-100 text-purple-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
762
+ <i class="fas fa-save"></i>
763
+ </div>
764
+ <div>
765
+ <h4 class="font-semibold text-gray-800">Saved Passwords</h4>
766
+ <p class="text-sm text-gray-600">Decrypted from browser storage</p>
767
+ <div class="bg-gray-100 p-2 rounded mt-1 text-xs">
768
+ <div class="flex justify-between">
769
+ <span>admin@corp.com</span>
770
+ <span>••••••••</span>
771
+ </div>
772
+ <div class="flex justify-between">
773
+ <span>db_admin</span>
774
+ <span>••••••••</span>
775
+ </div>
776
+ </div>
777
+ </div>
778
+ </div>
779
+ </div>
780
+ <div class="mt-6 p-3 bg-yellow-50 rounded-lg border border-yellow-200">
781
+ <div class="flex items-center">
782
+ <div class="bg-yellow-500 text-white rounded-full w-6 h-6 flex items-center justify-center mr-2">
783
+ <i class="fas fa-exclamation text-xs"></i>
784
+ </div>
785
+ <h4 class="font-semibold text-yellow-800">Critical Finding</h4>
786
+ </div>
787
+ <p class="text-sm text-yellow-700 mt-2">
788
+ The SSH private key has access to multiple production servers and was not protected with a passphrase.
789
+ </p>
790
+ </div>
791
+ </div>
792
+ `;
793
+ break;
794
+ case 5:
795
+ content = `
796
+ <div class="max-w-md mx-auto bg-white p-6 rounded-lg shadow">
797
+ <h3 class="font-bold text-gray-800 mb-4">Browser Proxy Pivoting</h3>
798
+ <div class="space-y-4">
799
+ <div class="flex items-start">
800
+ <div class="bg-red-100 text-red-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
801
+ <i class="fas fa-random"></i>
802
+ </div>
803
+ <div>
804
+ <h4 class="font-semibold text-gray-800">Traffic Redirection</h4>
805
+ <p class="text-sm text-gray-600">Browser proxy settings modified to:</p>
806
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
807
+ Proxy Server: proxy.malicious-server.com:8080
808
+ </div>
809
+ </div>
810
+ </div>
811
+ <div class="flex items-start">
812
+ <div class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
813
+ <i class="fas fa-lock"></i>
814
+ </div>
815
+ <div>
816
+ <h4 class="font-semibold text-gray-800">Internal Applications Accessed</h4>
817
+ <div class="mt-1 space-y-2">
818
+ <div class="flex items-center">
819
+ <div class="bg-blue-500 text-white rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs">
820
+ <i class="fas fa-terminal"></i>
821
+ </div>
822
+ <span class="text-sm">SSH Management Portal</span>
823
+ </div>
824
+ <div class="flex items-center">
825
+ <div class="bg-blue-500 text-white rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs">
826
+ <i class="fas fa-file-alt"></i>
827
+ </div>
828
+ <span class="text-sm">Internal Document System</span>
829
+ </div>
830
+ <div class="flex items-center">
831
+ <div class="bg-blue-500 text-white rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs">
832
+ <i class="fas fa-database"></i>
833
+ </div>
834
+ <span class="text-sm">Database Admin Console</span>
835
+ </div>
836
+ </div>
837
+ </div>
838
+ </div>
839
+ <div class="flex items-start">
840
+ <div class="bg-purple-100 text-purple-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
841
+ <i class="fas fa-eye"></i>
842
+ </div>
843
+ <div>
844
+ <h4 class="font-semibold text-gray-800">Session Hijacking</h4>
845
+ <p class="text-sm text-gray-600">Using stolen cookies to bypass authentication</p>
846
+ <div class="bg-gray-100 p-2 rounded mt-1 text-xs">
847
+ <div class="flex justify-between">
848
+ <span>Session Cookie:</span>
849
+ <span>Stolen from browser</span>
850
+ </div>
851
+ <div class="flex justify-between">
852
+ <span>User Agent:</span>
853
+ <span>Spoofed to match victim</span>
854
+ </div>
855
+ </div>
856
+ </div>
857
+ </div>
858
+ </div>
859
+ <div class="mt-6 p-3 bg-indigo-50 rounded-lg border border-indigo-200">
860
+ <div class="flex items-center">
861
+ <div class="bg-indigo-500 text-white rounded-full w-6 h-6 flex items-center justify-center mr-2">
862
+ <i class="fas fa-info-circle text-xs"></i>
863
+ </div>
864
+ <h4 class="font-semibold text-indigo-800">Detection Challenge</h4>
865
+ </div>
866
+ <p class="text-sm text-indigo-700 mt-2">
867
+ The attacker appears as a legitimate user because they're using the victim's actual credentials and session tokens.
868
+ </p>
869
+ </div>
870
+ </div>
871
+ `;
872
+ break;
873
+ case 6:
874
+ content = `
875
+ <div class="max-w-md mx-auto bg-white p-6 rounded-lg shadow">
876
+ <h3 class="font-bold text-gray-800 mb-4">Lateral Movement & Data Exfiltration</h3>
877
+ <div class="space-y-4">
878
+ <div class="flex items-start">
879
+ <div class="bg-red-100 text-red-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
880
+ <i class="fas fa-server"></i>
881
+ </div>
882
+ <div>
883
+ <h4 class="font-semibold text-gray-800">Server Access</h4>
884
+ <p class="text-sm text-gray-600">Using stolen SSH credentials to access:</p>
885
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
886
+ ssh -i id_rsa admin@db-prod-01.internal
887
+ </div>
888
+ </div>
889
+ </div>
890
+ <div class="flex items-start">
891
+ <div class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
892
+ <i class="fas fa-search"></i>
893
+ </div>
894
+ <div>
895
+ <h4 class="font-semibold text-gray-800">Network Discovery</h4>
896
+ <p class="text-sm text-gray-600">Scanning internal network for:</p>
897
+ <div class="flex flex-wrap gap-1 mt-1">
898
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">Other servers</span>
899
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">Database instances</span>
900
+ <span class="bg-gray-100 px-2 py-1 rounded text-xs">File shares</span>
901
+ </div>
902
+ </div>
903
+ </div>
904
+ <div class="flex items-start">
905
+ <div class="bg-purple-100 text-purple-800 rounded-full w-8 h-8 flex items-center justify-center mr-3 flex-shrink-0">
906
+ <i class="fas fa-arrow-up"></i>
907
+ </div>
908
+ <div>
909
+ <h4 class="font-semibold text-gray-800">Data Exfiltration</h4>
910
+ <p class="text-sm text-gray-600">Sensitive data being transferred to:</p>
911
+ <div class="bg-gray-100 p-2 rounded mt-1 font-mono text-xs">
912
+ sftp://exfil.malicious-server.com/uploads/
913
+ </div>
914
+ </div>
915
+ </div>
916
+ </div>
917
+ <div class="mt-6 p-3 bg-red-50 rounded-lg border border-red-200">
918
+ <div class="flex items-center">
919
+ <div class="bg-red-500 text-white rounded-full w-6 h-6 flex items-center justify-center mr-2">
920
+ <i class="fas fa-exclamation-triangle text-xs"></i>
921
+ </div>
922
+ <h4 class="font-semibold text-red-800">Breach Impact</h4>
923
+ </div>
924
+ <div class="text-sm text-red-700 mt-2 space-y-1">
925
+ <p>• Customer database copied (2.4GB)</p>
926
+ <p>• Financial records accessed</p>
927
+ <p>• Source code repositories downloaded</p>
928
+ </div>
929
+ </div>
930
+ <div class="mt-4 p-3 bg-gray-100 rounded-lg">
931
+ <div class="flex items-center">
932
+ <div class="bg-gray-500 text-white rounded-full w-6 h-6 flex items-center justify-center mr-2">
933
+ <i class="fas fa-clock text-xs"></i>
934
+ </div>
935
+ <h4 class="font-semibold text-gray-800">Attack Timeline</h4>
936
+ </div>
937
+ <div class="text-sm text-gray-700 mt-2 space-y-1">
938
+ <p>• Initial compromise: 14 days ago</p>
939
+ <p>• Lateral movement began: 5 days ago</p>
940
+ <p>• Data exfiltration ongoing</p>
941
+ </div>
942
+ </div>
943
+ </div>
944
+ `;
945
+ break;
946
+ }
947
+
948
+ simulationArea.innerHTML = content;
949
+
950
+ // Add animation to new content
951
+ simulationArea.classList.remove('animate-pulse');
952
+ void simulationArea.offsetWidth; // Trigger reflow
953
+ simulationArea.classList.add('animate-pulse');
954
+ }
955
+ </script>
956
+ <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=capta1n/bas2-0" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
957
+ </html>