Security demos

A collection of interesting attack scenarios

| Attack | Live demo | Source / description | How to fix it / protect yourself |
|---|---|---|---|
| From XSS to account takeover | | Achieve account takeover using an XSS that changes the email address of the victim's account. | When implementing a change-email feature, besides using an anti-CSRF token and enabling all security flags on cookies, also require the user to enter their current password. |
| From SSRF to AWS credentials | | Steal AWS instance metadata credentials through a Server-Side Request Forgery (SSRF) vulnerability. Real-world example: CVE-2021-21311. | If possible, build the URL on the server side, always validate input, and replace the old IMDSv1 with IMDSv2 (Instance Metadata Service v2) on AWS, which makes SSRF attacks more difficult. |
| Email spoofing | | All you need to send fake emails is a server and a couple of lines of code. | For sysadmins: enable SPF, DKIM, and DMARC. For users: manually check the source headers of suspicious emails. |
| Browser in the browser | | Steal Google credentials with a fake Single Sign-On (SSO) pop-up window. | Use a password manager with a browser extension, or check whether the pop-up window can be moved outside the main one. |
| Copy and paste from untrusted websites | | Copying and pasting commands from untrusted websites may be enough to install malware on your machine. In this demo only an empty file is created on your desktop. | For Linux: make sure bracketed paste is on in readline (`set enable-bracketed-paste on` in `~/.inputrc`; it is the default since bash 5.1 / readline 8.1), so a pasted newline is inserted as text instead of being treated as Enter. For Windows: enable the multiline paste warning in Windows Terminal. Finally, use a clipboard manager to check and monitor your clipboard. |
| Web CTF challenge | | Solve the web challenge! All you need is a browser. | - |