Clickjacking is a social engineering technique in which a hacker fools a victim into performing seemingly innocuous clicks, and the victim ends up being compromised as a result of those actions.
I attended Zscaler's seminar today and was pretty impressed by the speaker's presentation and demo. He demonstrated Clickjacking and I decided to make a video of their demo page instead of building my own.
In this specific demo, I use the common tactic of inciting victims to visit a malicious page via email. The victim enters the webpage and is encouraged to click on an "innocent" button. This "innocent" button is just an image* that hides a Google "Create Alert" button underneath. Imagine the damage an actual malicious page containing hidden malicious scripts, code or actions can cause.
* Alignment of the fake button varies from browser to browser.
The high res version of this demo can be downloaded here.
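
The overlay only works if the target page lets another site load it in a frame. The following is an added example, not part of the original post or the Zscaler demo: a defender-side check that classifies a response's anti-framing headers. The function name `framingVerdict` and the sample header sets are constructed for illustration.

```javascript
// Added example: decide whether a response can be framed by another site,
// based on the anti-framing headers it sends.
function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing CSP header counts; Content-Security-Policy-Report-Only
  // does not block framing. The first frame-ancestors directive wins.
  for (const part of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty source list matches no origin, same as 'none'.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'"))
      return { verdict: 'blocked', via: 'csp' };
    if (sources.includes('*')) return { verdict: 'framable', via: 'csp' };
    if (sources.every(s => s === "'self'")) return { verdict: 'same-origin', via: 'csp' };
    return { verdict: 'allowlist', via: 'csp', sources };
  }

  // Fallback: X-Frame-Options. ALLOW-FROM is obsolete and ignored by current
  // browsers, so it is treated as no protection.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { verdict: 'blocked', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { verdict: 'same-origin', via: 'x-frame-options' };
  return { verdict: 'framable', via: xfo ? 'invalid x-frame-options' : 'none' };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  noHeaders: {},
  legacyOnly: { 'X-Frame-Options': 'SAMEORIGIN' },
  obsolete: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  cspNone: {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
    'X-Frame-Options': 'SAMEORIGIN',
  },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  partners: { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
};

for (const [label, hdrs] of Object.entries(samples)) {
  console.log(label.padEnd(12), JSON.stringify(framingVerdict(hdrs)));
}
```

A `framable` verdict on a page with state-changing buttons means a hidden-button overlay like the one in the demo is possible against it; `allowlist` results need the listed origins reviewed.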