Clickjacking is a social engineering technique in which an attacker tricks a victim into performing one or more seemingly innocuous clicks; the victim ends up compromised as a result of those actions.
I attended Zscaler's seminar today and was pretty impressed by the speaker's presentation and demo. He demonstrated Clickjacking, and I decided to make a video of their demo page instead of building my own.
In this specific demo, I use the common tactic of inciting victims to visit a malicious page via email. The victim enters the webpage and is encouraged to click on an "innocent" button. This "innocent" button is just an image* that hides a Google "Create Alert" button underneath. Imagine the damage an actual malicious page containing hidden malicious scripts, code or actions could cause.
* Alignment of the fake button varies from browser to browser.
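The hidden-button trick above only works if the target page lets itself be loaded inside a frame on an attacker-controlled origin. The following check is an added example (not part of the original post or the Zscaler demo): given a page's response headers, it decides whether a given framing origin would be allowed, applying CSP `frame-ancestors` first and falling back to `X-Frame-Options`. The header objects, origins and the simplified source matching (scheme, host and `*.` wildcard; no port handling) are assumptions made for the example.

```javascript
// Example (constructed, not from the original post): would `framerOrigin`
// be allowed to embed a page served from `pageOrigin` with these headers?
// `headers` is an object keyed by lowercase header name.

// Return the source list of a CSP frame-ancestors directive, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === "frame-ancestors") return tokens.slice(1);
  }
  return null;
}

// Simplified CSP source-expression match against an origin such as
// "https://app.partner.example". Port matching is intentionally omitted.
function sourceMatches(source, origin) {
  const s = source.replace(/^'|'$/g, "").toLowerCase();
  if (s === "none") return false;
  if (s === "*") return true;
  const o = new URL(origin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return o.protocol === s; // scheme-only, e.g. "https:"
  let scheme = null, host = s;
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.+)$/);
  if (m) { scheme = m[1] + ":"; host = m[2]; }
  if (scheme && o.protocol !== scheme) return false;
  // "*.example.com" matches subdomains only, never the bare domain.
  if (host.startsWith("*.")) return o.hostname.endsWith(host.slice(1));
  return o.hostname === host;
}

function framingAllowed(headers, pageOrigin, framerOrigin) {
  const csp = headers["content-security-policy"];
  if (csp) {
    const sources = parseFrameAncestors(csp);
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    if (sources !== null) {
      return sources.some((src) => {
        const s = src.replace(/^'|'$/g, "").toLowerCase();
        if (s === "self") return pageOrigin === framerOrigin;
        return sourceMatches(src, framerOrigin);
      });
    }
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return pageOrigin === framerOrigin;
  // No header (or the obsolete ALLOW-FROM, which current browsers ignore):
  // the page can be framed from anywhere, i.e. it is exposed to clickjacking.
  return true;
}
```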
The high res version of this demo can be downloaded here.