| Risk | Description | Mitigation in Hackviser |
|------|-------------|------------------------|
| Link leakage | Sharing a link with an active token gives unauthorized access. | Short-lived tokens (1–4 hours), IP pinning (optional). |
| Replay attacks | Capturing a link and reusing it after session ends. | Tokens include jti (unique ID) and are revoked on logout/timeout. |
| Environment abuse | Using a scenario to attack other users or the platform. | Network isolation per user; rate limiting on spawned instances. |
| Metadata exposure | The link might reveal internal IPs or API endpoints. | Use internal DNS for orchestration; never expose raw Docker socket. |

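
The link-leakage and replay mitigations in the table (a short-lived token, optional IP pinning, and a `jti` that is revoked on logout/timeout) can be sketched as below. This is an added example, not Hackviser's code: the HMAC-signed token format, the claim names other than `jti`, the in-memory revocation set and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed per-process signing key (assumption)
MAX_TTL = 4 * 3600                # upper bound of the table's 1-4 hour lifetime
REVOKED = set()                   # jti values revoked on logout/timeout

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_link_token(user, scenario, ttl=3600, pin_ip=None, now=None):
    """Issue a signed scenario-link token (hypothetical helper)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "scn": scenario,
              "jti": secrets.token_hex(16),          # unique ID per token
              "exp": int(now) + min(ttl, MAX_TTL)}   # lifetime is capped
    if pin_ip:
        claims["ip"] = pin_ip                        # optional IP pinning
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

def check_link_token(token, client_ip, now=None):
    """Return (claims, None) when the token is valid, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Verify the signature before parsing anything inside the token.
        if not hmac.compare_digest(sig, _sign(body)):
            return None, "bad signature"
        pad = "=" * (-len(body) % 4)
        claims = json.loads(base64.urlsafe_b64decode(body + pad))
    except (ValueError, TypeError):
        return None, "malformed"
    if now >= claims["exp"]:
        return None, "expired"        # a leaked link stops working
    if claims["jti"] in REVOKED:
        return None, "revoked"        # replay after logout/timeout fails
    if "ip" in claims and claims["ip"] != client_ip:
        return None, "ip mismatch"    # pinned link used from elsewhere
    return claims, None

def revoke(claims):
    """Call on logout or session timeout."""
    REVOKED.add(claims["jti"])
```

In a multi-node deployment the revocation set would need to live in shared storage, with entries kept only until the token's `exp` passes.
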
Hackviser scenarios are typically categorized by difficulty (Easy, Medium, Hard) and focus on specific vulnerabilities or attack vectors. The "link" usually refers to the direct access point to these virtual labs via the platform's dashboard.
The feature will support multiple types of training modules: