Attack Demos
Educational demonstrations of common attack vectors. For security researchers and defenders.
About
These demos illustrate real attack techniques used in the wild. They are intentionally simplified for educational purposes. Use responsibly and only in authorized environments.
Demo
Clickfix DNS
Execute commands via DNS CNAME records on Windows. The payload lives in DNS. Change the record, change the command.
View demoDemo
Clickfix DNS (Mac)
Same technique on macOS: bash + dig TXT in Terminal. Entire payload from DNS. Record: clickfix-dns-mac.intel.cx.
View demoDemo
Clickfix IEX
Download and execute from a URL via iex + WebClient. Domain: fix-support.icu.
View demoDemo
Clickfix MSHTA
Execute remote HTA via mshta LOLBin. Windows only. Domain: fix-support.to.
View demoDemo
Clickfix Encoded
PowerShell -EncodedCommand hides the payload in Base64. Domain: getyourpages.com.
View demoDemo
Clickfix curl (Mac)
Same technique on macOS: curl piped to bash. Domain: fix-support.icu/pm.
View demo