capta1n committed
Commit 056d336 · verified · 1 Parent(s): 03b69cb

Add 3 files
Files changed (3)
  1. README.md +7 -5
  2. index.html +637 -19
  3. prompts.txt +1 -0
README.md CHANGED
@@ -1,10 +1,12 @@
1
  ---
2
- title: Bas3
3
- emoji: 🌍
4
- colorFrom: red
5
- colorTo: gray
6
  sdk: static
7
  pinned: false
 
 
8
  ---
9
 
10
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
 
1
  ---
2
+ title: bas3
3
+ emoji: 🐳
4
+ colorFrom: green
5
+ colorTo: green
6
  sdk: static
7
  pinned: false
8
+ tags:
9
+ - deepsite
10
  ---
11
 
12
+ Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
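Review bot: the rewritten front matter still leaves the README without a single line saying what the Space is; the only body text is the boilerplate `Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference`, and the new `tags: - deepsite` entry is the only hint that the page is DeepSite-generated. Add one sentence naming the app (index.html's title is `Advanced Phishing Attack Kill Chain Visualization`) and stating that the indicators in it are illustrative (the attachment hash is literally `SHA256: a1b2c3...`), so nobody reads `itsupport@fakecompany[.]com`, `54.231.1.1` or `10.8.8.88` as real IOCs. Minor: `colorFrom: green` / `colorTo: green` gives the Space card a flat, single-colour gradient; fine if intended.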
index.html CHANGED
@@ -1,19 +1,637 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <meta charset="utf-8" />
5
- <meta name="viewport" content="width=device-width" />
6
- <title>My static Space</title>
7
- <link rel="stylesheet" href="style.css" />
8
- </head>
9
- <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
19
- </html>
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>Advanced Phishing Attack Kill Chain Visualization</title>
7
+ <script src="https://cdn.tailwindcss.com"></script>
8
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
9
+ <script src="https://unpkg.com/vis-network/standalone/umd/vis-network.min.js"></script>
10
+ <style>
11
+ #network {
12
+ width: 100%;
13
+ height: 500px;
14
+ border: 1px solid #e5e7eb;
15
+ border-radius: 0.5rem;
16
+ background-color: #f9fafb;
17
+ }
18
+ .node-tooltip {
19
+ position: absolute;
20
+ background: white;
21
+ border: 1px solid #e5e7eb;
22
+ border-radius: 0.5rem;
23
+ padding: 1rem;
24
+ box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
25
+ max-width: 400px;
26
+ z-index: 100;
27
+ pointer-events: none;
28
+ display: none;
29
+ }
30
+ .alert-item {
31
+ border-left: 4px solid;
32
+ transition: all 0.2s ease;
33
+ }
34
+ .alert-item:hover {
35
+ background-color: #f8fafc;
36
+ }
37
+ .severity-critical {
38
+ border-left-color: #ef4444;
39
+ }
40
+ .severity-high {
41
+ border-left-color: #f59e0b;
42
+ }
43
+ .severity-emergency {
44
+ border-left-color: #dc2626;
45
+ }
46
+ .node-phishing {
47
+ background-color: #fef2f2;
48
+ border-color: #fca5a5;
49
+ }
50
+ .node-execution {
51
+ background-color: #fffbeb;
52
+ border-color: #fcd34d;
53
+ }
54
+ .node-c2 {
55
+ background-color: #ecfdf5;
56
+ border-color: #6ee7b7;
57
+ }
58
+ .node-lateral {
59
+ background-color: #eff6ff;
60
+ border-color: #93c5fd;
61
+ }
62
+ .node-data-theft {
63
+ background-color: #f5f3ff;
64
+ border-color: #a78bfa;
65
+ }
66
+ .node-cloud {
67
+ background-color: #fce7f3;
68
+ border-color: #f9a8d4;
69
+ }
70
+ .node-exfiltration {
71
+ background-color: #fefce8;
72
+ border-color: #facc15;
73
+ }
74
+ </style>
75
+ </head>
76
+ <body class="bg-gray-50">
77
+ <div class="container mx-auto px-4 py-8">
78
+ <div class="flex justify-between items-center mb-6">
79
+ <div>
80
+ <h1 class="text-2xl font-bold text-gray-800">Advanced Phishing Attack Kill Chain</h1>
81
+ <p class="text-gray-600">Visualization of the complete attack flow from initial compromise to data exfiltration</p>
82
+ </div>
83
+ <div class="flex space-x-2">
84
+ <button id="zoom-in" class="p-2 bg-white rounded-md border border-gray-200 hover:bg-gray-50">
85
+ <i class="fas fa-search-plus"></i>
86
+ </button>
87
+ <button id="zoom-out" class="p-2 bg-white rounded-md border border-gray-200 hover:bg-gray-50">
88
+ <i class="fas fa-search-minus"></i>
89
+ </button>
90
+ <button id="fit-view" class="p-2 bg-white rounded-md border border-gray-200 hover:bg-gray-50">
91
+ <i class="fas fa-expand"></i>
92
+ </button>
93
+ </div>
94
+ </div>
95
+
96
+ <div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
97
+ <div class="lg:col-span-2">
98
+ <div id="network"></div>
99
+ </div>
100
+
101
+ <div class="bg-white rounded-lg shadow-sm border border-gray-200 p-4">
102
+ <div class="flex justify-between items-center mb-4">
103
+ <h3 class="font-semibold text-lg">Attack Step Details</h3>
104
+ <span id="step-number" class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">Step 1</span>
105
+ </div>
106
+ <div id="node-details" class="space-y-4">
107
+ <div>
108
+ <h4 class="font-medium text-gray-700 mb-1">Attack Behavior</h4>
109
+ <div id="attack-behavior" class="bg-gray-50 p-3 rounded text-sm text-gray-700"></div>
110
+ </div>
111
+ <div>
112
+ <h4 class="font-medium text-gray-700 mb-1">Triggered Defenses</h4>
113
+ <div id="triggered-defenses" class="text-sm text-gray-700"></div>
114
+ </div>
115
+ <div>
116
+ <h4 class="font-medium text-gray-700 mb-1">Security Alerts</h4>
117
+ <div id="security-alerts" class="space-y-2"></div>
118
+ </div>
119
+ </div>
120
+ </div>
121
+ </div>
122
+
123
+ <div class="mt-8 bg-white rounded-lg shadow-sm border border-gray-200 overflow-hidden">
124
+ <div class="border-b border-gray-200 px-4 py-3">
125
+ <h3 class="font-semibold text-gray-800">Attack Kill Chain Timeline</h3>
126
+ </div>
127
+ <div class="divide-y divide-gray-200">
128
+ <div id="timeline-container" class="divide-y divide-gray-200"></div>
129
+ </div>
130
+ </div>
131
+ </div>
132
+
133
+ <div id="node-tooltip" class="node-tooltip"></div>
134
+
135
+ <script>
136
+ // Attack steps data
137
+ const attackSteps = [
138
+ {
139
+ id: 1,
140
+ label: "1. Phishing Email",
141
+ title: "Phishing Email Delivery",
142
+ group: "phishing",
143
+ behavior: "Forged 'Embrace AI Change' notification email containing malicious file disguised as files.zip",
144
+ defenses: "Email Security Gateway",
145
+ alerts: [
146
+ {
147
+ severity: "critical",
148
+ message: "Detected spoofed sender email | From: itsupport@fakecompany[.]com → To: victim@corp.com | Contains malicious attachment (SHA256: a1b2c3...) | Identified as Emotet phishing template"
149
+ }
150
+ ],
151
+ x: -300,
152
+ y: 0
153
+ },
154
+ {
155
+ id: 2,
156
+ label: "2. Malware Execution",
157
+ title: "Trojan Execution",
158
+ group: "execution",
159
+ behavior: "Victim downloads malicious file triggering PowerShell script that downloads Cobalt Strike DLL and injects into legitimate process",
160
+ defenses: "Endpoint Detection & Response (EDR)",
161
+ alerts: [
162
+ {
163
+ severity: "high",
164
+ message: "Suspicious process injection | Process: C:\\Windows\\System32\\explorer.exe → Loaded module: a09xdf.dll | DLL signature invalid and matches known Cobalt Strike signature"
165
+ }
166
+ ],
167
+ x: -150,
168
+ y: -100
169
+ },
170
+ {
171
+ id: 3,
172
+ label: "3. C2 Establishment",
173
+ title: "C2 Channel & Lateral Movement",
174
+ group: "c2",
175
+ behavior: "HTTPS heartbeat communication via CDN domain (api.cloudfront[.]com), deploying reverse SSH tunnel to internal jump server",
176
+ defenses: "Network Traffic Analysis (NTA)",
177
+ alerts: [
178
+ {
179
+ severity: "emergency",
180
+ message: "Anomalous outbound connection | Target IP: 54.231.1.1 (AWS Singapore) | Protocol: HTTPS | Abnormal certificate (CN=*.cloudfront[.]com but issued by wildcard Let's Encrypt cert)"
181
+ }
182
+ ],
183
+ x: 0,
184
+ y: 0
185
+ },
186
+ {
187
+ id: 4,
188
+ label: "4. Credential Theft",
189
+ title: "Credential Theft & Browser Simulation",
190
+ group: "data-theft",
191
+ behavior: "Using Mimikatz to extract Chrome browser cookies and forging User-Agent (synchronizing victim's browser fingerprint)",
192
+ defenses: "User Behavior Analytics (UEBA)",
193
+ alerts: [
194
+ {
195
+ severity: "high",
196
+ message: "Abnormal browser session | User: Victim_Account | Source IP: 172.16.1.23 → Device fingerprint changed (new VM characteristics/QEMU virtual GPU)"
197
+ }
198
+ ],
199
+ x: 150,
200
+ y: -100
201
+ },
202
+ {
203
+ id: 5,
204
+ label: "5. Cloud Docs Access",
205
+ title: "Cloud Documentation Penetration",
206
+ group: "cloud",
207
+ behavior: "Hijacked Yuque API Token used to access 'Production Environment Operations Manual', extracting embedded SSH private key (Base64 encoded)",
208
+ defenses: "Data Loss Prevention (DLP)",
209
+ alerts: [
210
+ {
211
+ severity: "critical",
212
+ message: "Sensitive data access | User: Victim_Account | Action: Downloaded document ID: YUQUE-1234 | Content matched keyword: 'prod_ssh_private_key'"
213
+ }
214
+ ],
215
+ x: 300,
216
+ y: 0
217
+ },
218
+ {
219
+ id: 6,
220
+ label: "6. Production Access",
221
+ title: "Production Network Intrusion",
222
+ group: "lateral",
223
+ behavior: "Using SSH certificate from jump server to log into MySQL database server (IP: 10.8.8.88, account: dba_admin)",
224
+ defenses: "Host Intrusion Detection (HIDS)",
225
+ alerts: [
226
+ {
227
+ severity: "emergency",
228
+ message: "Unusual time SSH login | Account: dba_admin | Source IP: 10.8.8.12 (test env jump server) | Action: Executed SHOW DATABASES"
229
+ }
230
+ ],
231
+ x: 450,
232
+ y: -100
233
+ },
234
+ {
235
+ id: 7,
236
+ label: "7. Data Exfiltration",
237
+ title: "Data Exfiltration",
238
+ group: "exfiltration",
239
+ behavior: "Compressed and encrypted customer data (filename: taobaodata.tar.gz.enc) transmitted via DNS tunnel to alibaba-bas.com",
240
+ defenses: "Full Traffic Threat Analysis",
241
+ alerts: [
242
+ {
243
+ severity: "critical",
244
+ message: "Abnormal data transfer | Protocol: DNS TXT records | Target domain: xyz.attacker[.]com | Data volume: 142MB (500% above threshold)"
245
+ }
246
+ ],
247
+ x: 600,
248
+ y: 0
249
+ }
250
+ ];
251
+
252
+ // Create nodes and edges for the network
253
+ const nodes = new vis.DataSet(
254
+ attackSteps.map(step => ({
255
+ id: step.id,
256
+ label: step.label,
257
+ group: step.group,
258
+ title: step.title,
259
+ x: step.x,
260
+ y: step.y,
261
+ physics: false,
262
+ fixed: {
263
+ x: false,
264
+ y: false
265
+ }
266
+ }))
267
+ );
268
+
269
+ const edges = new vis.DataSet(
270
+ attackSteps.slice(0, -1).map((step, index) => ({
271
+ id: index + 1,
272
+ from: step.id,
273
+ to: attackSteps[index + 1].id,
274
+ arrows: "to",
275
+ smooth: {
276
+ type: "curvedCW",
277
+ roundness: 0.2
278
+ },
279
+ color: {
280
+ color: "#9ca3af",
281
+ highlight: "#3b82f6",
282
+ hover: "#3b82f6"
283
+ },
284
+ width: 2
285
+ }))
286
+ );
287
+
288
+ // Network container
289
+ const container = document.getElementById("network");
290
+ const data = {
291
+ nodes: nodes,
292
+ edges: edges
293
+ };
294
+
295
+ const options = {
296
+ nodes: {
297
+ shape: "box",
298
+ size: 20,
299
+ borderWidth: 2,
300
+ shadow: {
301
+ enabled: true,
302
+ color: "rgba(0,0,0,0.2)",
303
+ size: 10,
304
+ x: 5,
305
+ y: 5
306
+ },
307
+ font: {
308
+ size: 12,
309
+ face: "Inter",
310
+ bold: {
311
+ color: "#1f2937"
312
+ }
313
+ },
314
+ widthConstraint: {
315
+ maximum: 100
316
+ },
317
+ margin: 10
318
+ },
319
+ edges: {
320
+ smooth: {
321
+ type: "curvedCW",
322
+ roundness: 0.2
323
+ },
324
+ selectionWidth: 3,
325
+ arrowStrikethrough: false
326
+ },
327
+ groups: {
328
+ phishing: {
329
+ color: {
330
+ border: "#fca5a5",
331
+ background: "#fef2f2",
332
+ highlight: {
333
+ border: "#ef4444",
334
+ background: "#fee2e2"
335
+ },
336
+ hover: {
337
+ border: "#ef4444",
338
+ background: "#fee2e2"
339
+ }
340
+ }
341
+ },
342
+ execution: {
343
+ color: {
344
+ border: "#fcd34d",
345
+ background: "#fffbeb",
346
+ highlight: {
347
+ border: "#f59e0b",
348
+ background: "#fef3c7"
349
+ },
350
+ hover: {
351
+ border: "#f59e0b",
352
+ background: "#fef3c7"
353
+ }
354
+ }
355
+ },
356
+ c2: {
357
+ color: {
358
+ border: "#6ee7b7",
359
+ background: "#ecfdf5",
360
+ highlight: {
361
+ border: "#10b981",
362
+ background: "#d1fae5"
363
+ },
364
+ hover: {
365
+ border: "#10b981",
366
+ background: "#d1fae5"
367
+ }
368
+ }
369
+ },
370
+ "data-theft": {
371
+ color: {
372
+ border: "#a78bfa",
373
+ background: "#f5f3ff",
374
+ highlight: {
375
+ border: "#8b5cf6",
376
+ background: "#ede9fe"
377
+ },
378
+ hover: {
379
+ border: "#8b5cf6",
380
+ background: "#ede9fe"
381
+ }
382
+ }
383
+ },
384
+ cloud: {
385
+ color: {
386
+ border: "#f9a8d4",
387
+ background: "#fce7f3",
388
+ highlight: {
389
+ border: "#ec4899",
390
+ background: "#fbcfe8"
391
+ },
392
+ hover: {
393
+ border: "#ec4899",
394
+ background: "#fbcfe8"
395
+ }
396
+ }
397
+ },
398
+ lateral: {
399
+ color: {
400
+ border: "#93c5fd",
401
+ background: "#eff6ff",
402
+ highlight: {
403
+ border: "#3b82f6",
404
+ background: "#dbeafe"
405
+ },
406
+ hover: {
407
+ border: "#3b82f6",
408
+ background: "#dbeafe"
409
+ }
410
+ }
411
+ },
412
+ exfiltration: {
413
+ color: {
414
+ border: "#facc15",
415
+ background: "#fefce8",
416
+ highlight: {
417
+ border: "#eab308",
418
+ background: "#fef9c3"
419
+ },
420
+ hover: {
421
+ border: "#eab308",
422
+ background: "#fef9c3"
423
+ }
424
+ }
425
+ }
426
+ },
427
+ physics: {
428
+ enabled: true,
429
+ solver: "forceAtlas2Based",
430
+ forceAtlas2Based: {
431
+ gravitationalConstant: -50,
432
+ centralGravity: 0.01,
433
+ springLength: 200,
434
+ springConstant: 0.08,
435
+ damping: 0.4
436
+ },
437
+ stabilization: {
438
+ iterations: 100
439
+ }
440
+ },
441
+ interaction: {
442
+ dragNodes: true,
443
+ dragView: true,
444
+ hideEdgesOnDrag: false,
445
+ multiselect: false,
446
+ navigationButtons: false,
447
+ keyboard: {
448
+ enabled: true,
449
+ speed: {
450
+ x: 10,
451
+ y: 10,
452
+ zoom: 0.02
453
+ }
454
+ },
455
+ tooltipDelay: 100
456
+ },
457
+ layout: {
458
+ improvedLayout: true
459
+ }
460
+ };
461
+
462
+ // Initialize network
463
+ const network = new vis.Network(container, data, options);
464
+
465
+ // Tooltip handling
466
+ const tooltip = document.getElementById("node-tooltip");
467
+
468
+ network.on("hoverNode", function(params) {
469
+ const nodeId = params.node;
470
+ const node = nodes.get(nodeId);
471
+ const step = attackSteps.find(s => s.id === nodeId);
472
+
473
+ if (step) {
474
+ tooltip.innerHTML = `
475
+ <h4 class="font-semibold text-gray-800 mb-2">${step.title}</h4>
476
+ <p class="text-sm text-gray-600">${step.behavior}</p>
477
+ `;
478
+
479
+ const nodePos = network.getPositions([nodeId]);
480
+ const canvasPos = network.canvasToDOM({
481
+ x: nodePos[nodeId].x,
482
+ y: nodePos[nodeId].y
483
+ });
484
+
485
+ tooltip.style.left = `${canvasPos.x + 20}px`;
486
+ tooltip.style.top = `${canvasPos.y - 20}px`;
487
+ tooltip.style.display = "block";
488
+ }
489
+ });
490
+
491
+ network.on("blurNode", function() {
492
+ tooltip.style.display = "none";
493
+ });
494
+
495
+ // Node click handling
496
+ network.on("click", function(params) {
497
+ if (params.nodes.length > 0) {
498
+ const nodeId = params.nodes[0];
499
+ const step = attackSteps.find(s => s.id === nodeId);
500
+
501
+ if (step) {
502
+ // Update step details
503
+ document.getElementById("step-number").textContent = `Step ${step.id}`;
504
+ document.getElementById("attack-behavior").textContent = step.behavior;
505
+ document.getElementById("triggered-defenses").textContent = step.defenses;
506
+
507
+ // Update alerts
508
+ const alertsContainer = document.getElementById("security-alerts");
509
+ alertsContainer.innerHTML = step.alerts.map(alert => `
510
+ <div class="alert-item p-3 rounded ${`severity-${alert.severity}`}">
511
+ <div class="text-sm font-medium text-gray-800">[${alert.severity.toUpperCase()}] ${alert.message}</div>
512
+ </div>
513
+ `).join("");
514
+
515
+ // Highlight the timeline item
516
+ document.querySelectorAll("#timeline-container div").forEach((el, idx) => {
517
+ if (idx === step.id - 1) {
518
+ el.classList.add("bg-blue-50");
519
+ } else {
520
+ el.classList.remove("bg-blue-50");
521
+ }
522
+ });
523
+ }
524
+ }
525
+ });
526
+
527
+ // Initialize timeline
528
+ const timelineContainer = document.getElementById("timeline-container");
529
+ timelineContainer.innerHTML = attackSteps.map(step => `
530
+ <div class="px-4 py-3 hover:bg-gray-50 cursor-pointer transition-colors duration-150" data-step="${step.id}">
531
+ <div class="flex items-start">
532
+ <div class="flex-shrink-0 pt-0.5">
533
+ <div class="w-3 h-3 rounded-full ${step.group === "phishing" ? "bg-red-500" :
534
+ step.group === "execution" ? "bg-yellow-500" :
535
+ step.group === "c2" ? "bg-green-500" :
536
+ step.group === "data-theft" ? "bg-purple-500" :
537
+ step.group === "cloud" ? "bg-pink-500" :
538
+ step.group === "lateral" ? "bg-blue-500" : "bg-indigo-500"}"></div>
539
+ </div>
540
+ <div class="ml-3">
541
+ <h4 class="text-sm font-medium text-gray-800">${step.title}</h4>
542
+ <p class="text-xs text-gray-500 mt-1">${step.defenses}</p>
543
+ </div>
544
+ </div>
545
+ </div>
546
+ `).join("");
547
+
548
+ // Timeline click handling
549
+ document.querySelectorAll("#timeline-container div[data-step]").forEach(el => {
550
+ el.addEventListener("click", function() {
551
+ const stepId = parseInt(this.getAttribute("data-step"));
552
+ network.selectNodes([stepId]);
553
+ network.focus(stepId, {
554
+ animation: {
555
+ duration: 500,
556
+ easingFunction: "easeInOutQuad"
557
+ }
558
+ });
559
+
560
+ // Simulate node click to update details
561
+ const step = attackSteps.find(s => s.id === stepId);
562
+ if (step) {
563
+ document.getElementById("step-number").textContent = `Step ${step.id}`;
564
+ document.getElementById("attack-behavior").textContent = step.behavior;
565
+ document.getElementById("triggered-defenses").textContent = step.defenses;
566
+
567
+ const alertsContainer = document.getElementById("security-alerts");
568
+ alertsContainer.innerHTML = step.alerts.map(alert => `
569
+ <div class="alert-item p-3 rounded ${`severity-${alert.severity}`}">
570
+ <div class="text-sm font-medium text-gray-800">[${alert.severity.toUpperCase()}] ${alert.message}</div>
571
+ </div>
572
+ `).join("");
573
+
574
+ // Highlight the timeline item
575
+ document.querySelectorAll("#timeline-container div").forEach((el, idx) => {
576
+ if (idx === step.id - 1) {
577
+ el.classList.add("bg-blue-50");
578
+ } else {
579
+ el.classList.remove("bg-blue-50");
580
+ }
581
+ });
582
+ }
583
+ });
584
+ });
585
+
586
+ // Zoom controls
587
+ document.getElementById("zoom-in").addEventListener("click", function() {
588
+ network.moveTo({
589
+ scale: network.getScale() * 1.2,
590
+ animation: true
591
+ });
592
+ });
593
+
594
+ document.getElementById("zoom-out").addEventListener("click", function() {
595
+ network.moveTo({
596
+ scale: network.getScale() / 1.2,
597
+ animation: true
598
+ });
599
+ });
600
+
601
+ document.getElementById("fit-view").addEventListener("click", function() {
602
+ network.fit({
603
+ animation: {
604
+ duration: 1000,
605
+ easingFunction: "easeInOutQuad"
606
+ }
607
+ });
608
+ });
609
+
610
+ // Initialize with first step selected
611
+ setTimeout(() => {
612
+ network.selectNodes([1]);
613
+ network.focus(1, {
614
+ animation: {
615
+ duration: 500,
616
+ easingFunction: "easeInOutQuad"
617
+ }
618
+ });
619
+
620
+ const step = attackSteps[0];
621
+ document.getElementById("step-number").textContent = `Step ${step.id}`;
622
+ document.getElementById("attack-behavior").textContent = step.behavior;
623
+ document.getElementById("triggered-defenses").textContent = step.defenses;
624
+
625
+ const alertsContainer = document.getElementById("security-alerts");
626
+ alertsContainer.innerHTML = step.alerts.map(alert => `
627
+ <div class="alert-item p-3 rounded ${`severity-${alert.severity}`}">
628
+ <div class="text-sm font-medium text-gray-800">[${alert.severity.toUpperCase()}] ${alert.message}</div>
629
+ </div>
630
+ `).join("");
631
+
632
+ // Highlight first timeline item
633
+ document.querySelector("#timeline-container div:first-child").classList.add("bg-blue-50");
634
+ }, 500);
635
+ </script>
636
+ <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=capta1n/bas3" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
637
+ </html>
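Review bot: the three includes at new lines 7-9 are this page's supply-chain weak point: `https://unpkg.com/vis-network/standalone/umd/vis-network.min.js` carries no version, so unpkg serves whatever is latest at load time; none of the three has `integrity`/`crossorigin` attributes; and `https://cdn.tailwindcss.com` is Tailwind's in-browser Play CDN, which Tailwind documents as for development only. Pin vis-network the way Font Awesome is pinned to 6.4.0 and add SRI hashes, or vendor the files into the Space.

Two logic problems. First, the `network.on("hoverNode", ...)` and `blurNode` handlers at 468-493 never fire: vis-network emits those events only when `interaction: { hover: true }` is set, and the `interaction` block at 441-456 does not set it, so the custom `#node-tooltip` is dead code while the built-in popup from each node's `title` (set at 258) still appears on hover. Second, every `innerHTML` assignment (tooltip 474-477, alert list 509-513, 568-572 and 626-630, timeline 529-546) interpolates `step.title`, `step.behavior`, `step.defenses` and `alert.message` unescaped. With `attackSteps` a constant in the same file that is not exploitable today, but the first time the steps are loaded from a JSON file or an API it is DOM XSS; render them with `textContent`, as `attack-behavior` and `triggered-defenses` already are at 504-505, or escape before interpolating.

Style: the details-panel update is copied three times (503-522, 563-581 and 621-633); a single `showStep(stepId)` would remove the duplication and the unused `const node = nodes.get(nodeId);` at 470. The `.node-*` rules at 46-73 are never applied, because vis-network draws nodes on a canvas and takes their colours from `groups`.

Content: step 7's behaviour exfiltrates to `alibaba-bas.com` while its alert names `xyz.attacker[.]com`; pick one. Step 3's `issued by wildcard Let's Encrypt cert` mistranslates the prompt's 野生证书 (an unofficial, non-Amazon certificate): Let's Encrypt issues wildcard certificates routinely, so as written the alert describes nothing abnormal; the anomaly to state is a `CN=*.cloudfront[.]com` certificate whose issuer is Let's Encrypt rather than Amazon.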
prompts.txt ADDED
@@ -0,0 +1 @@
1
+ 将以下攻击步骤转化为攻击拓扑图表的形式进行展示,在一个图表中完整按顺序展示攻击步骤,以攻击者为起点,每个节点为一个攻击行为,每个攻击节点之间按顺序用箭头进行连接,每个攻击节点点开后在图表侧边弹窗展示具体的攻击行为内容,图表下方展示每个步骤触发的防护产品名称和告警信息内容。 图表设计要求 1. 图表中的连线和节点不要重叠 2. 缩小每个节点的大小确保图表可以完整清晰的展示全部攻击节点和节点之间的执行顺序 3. 节点和连线在图表上可以自由拖拽 步骤1:钓鱼邮件投递 ● 攻击行为:伪造"拥抱AI变革"通知邮件,内含带恶意木马的文件(伪造成files.zip文件) ● 触发防护:邮件安全网关 ● 告警信息:[严重] 检测到仿冒发件人邮件 | 发件人: itsupport@fakecompany[.]com → 目标: victim@corp.com | 包含恶意附件哈希(SHA256: a1b2c3...) | 判定为Emotet钓鱼模板 步骤2:木马执行 ● 攻击行为:受害者下载木马文件后触发PowerShell脚本,下载Cobalt Strike DLL并注入到合法进程 ● 触发防护:终端检测与响应(EDR) ● 告警信息:[高危] 可疑进程注入行为 | 进程: C:\Windows\System32\explorer.exe → 加载内存模块: a09xdf.dll | DLL签名无效且匹配已知Cobalt Strike特征码 步骤3:C2通道建立与横向移动 ● 攻击行为:通过CDN域名的HTTPS心跳通信(如api.cloudfront[.]com),部署反向SSH隧道至内网跳板机 ● 触发防护:网络流量分析(NTA) ● 告警信息:[紧急] 异常外联行为 | 目标IP: 54.231.1.1(归属AWS新加坡) | 协议: HTTPS | 证书指纹异常(CN=*.cloudfront[.]com但签发者匹配Let's Encrypt野生证书) 步骤4:凭据窃取与浏览器模拟 ● 攻击行为:利用Mimikatz提取Chrome浏览器Cookie并伪造User-Agent(同步受害者浏览器指纹) ● 触发防护:身份认证异常检测(UEBA) ● 告警信息:[高危] 异常浏览器会话 | 用户: Victim_Account | IP来源: 172.16.1.23 → 登录设备指纹突变(新增虚拟机特征/QEMU虚拟显卡) 步骤5:云文档渗透 ● 攻击行为:通过劫持的语雀API Token访问《生产环境运维手册》,提取内嵌的SSH私钥(Base64编码) ● 触发防护:DLP(数据防泄漏) ● 告警信息:[严重] 敏感数据访问行为 | 用户: Victim_Account | 操作: 下载文档ID: YUQUE-1234 | 内容匹配关键字: "prod_ssh_private_key" 步骤6:生产网络入侵 ● 攻击行为:通过跳板机使用SSH证书登陆MySQL数据库服务器(IP: 10.8.8.88,账号: dba_admin) ● 触发防护:HIDS(主机入侵检测) ● 告警信息:[紧急] 非常规时间SSH登录 | 账号: dba_admin | 来源IP: 10.8.8.12(测试环境跳板机) | 操作: 执行SHOW DATABASES 步骤7:数据外泄 ● 攻击行为:将压缩加密后的客户数据(文件名: taobaodata.tar.gz.enc)通过DNS隧道传输到alibaba-bas.com ● 触发防护:全流量威胁回溯 ● 告警信息:[严重] 异常数据传输 | 协议: DNS TXT记录 | 目标域: xyz.attacker[.]com | 数据量: 142MB(超阈值500%)
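Review bot: this file is the Chinese DeepSite prompt the page was generated from, and it is the only specification the Space has, so its requirements should match what index.html ships; two do not. The prompt asks for the attacker as the start node (以攻击者为起点), but the graph begins at `1. Phishing Email` with no attacker node, and it asks for each step's protection product and alert text to be listed below the chart (图表下方展示每个步骤触发的防护产品名称和告警信息内容), whereas the timeline under the chart shows only the title and defense name and the alert text appears only in the side panel. Either add the attacker node and an alert column to the timeline, or update the prompt to describe what was shipped. Note also that the step 7 inconsistency in index.html (behaviour says alibaba-bas.com, alert says xyz.attacker[.]com) is already present here, so it comes from the spec rather than the generator, and a one-line comment at the top saying this is the generation prompt would help the next reader.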