Add index.html for Security Awareness Training

rolling-code · web-flow · commit 92eb3f138846 · 2025-12-02T14:40:26.000-05:00
diff --git a/docs/index.html b/docs/index.html
@@ -0,0 +1,102 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Security Awareness Training – OAuth Simulation</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <style>
+    body {
+      font-family: "Segoe UI", Roboto, Arial, sans-serif;
+      background: #0F172A;
+      color: #F9FAFB;
+      margin: 0;
+      padding: 0;
+    }
+    header {
+      background: #1E293B;
+      padding: 20px;
+      text-align: center;
+      font-size: 24px;
+      font-weight: bold;
+      color: #38BDF8;
+    }
+    .container {
+      max-width: 800px;
+      margin: 40px auto;
+      background: #1E293B;
+      padding: 30px;
+      border-radius: 12px;
+      box-shadow: 0 8px 24px rgba(0,0,0,0.4);
+    }
+    h1 {
+      color: #38BDF8;
+      margin-bottom: 10px;
+    }
+    p {
+      line-height: 1.6;
+      font-size: 18px;
+    }
+    .alert {
+      background: #F87171;
+      color: #0F172A;
+      padding: 12px;
+      border-radius: 8px;
+      font-weight: bold;
+      margin: 20px 0;
+    }
+    ul {
+      margin-top: 10px;
+      padding-left: 20px;
+    }
+    li {
+      margin-bottom: 8px;
+    }
+    footer {
+      text-align: center;
+      font-size: 14px;
+      color: #94A3B8;
+      margin-top: 40px;
+    }
+    .btn {
+      display: inline-block;
+      padding: 12px 20px;
+      background: #38BDF8;
+      color: #0F172A;
+      font-weight: bold;
+      text-decoration: none;
+      border-radius: 8px;
+      margin-top: 20px;
+    }
+    .btn:hover {
+      background: #0EA5E9;
+    }
+  </style>
+</head>
+<body>
+  <header>Security Awareness Training</header>
+  <div class="container">
+    <h1>OAuth Consent Simulation Complete</h1>
+    <div class="alert">⚠️ This was a phishing simulation – no credentials were captured.</div>
+    <p>
+      You clicked a link and signed in because the consent screen looked familiar. This exercise demonstrates how attackers exploit <strong>trusted app names</strong> to trick users.
+    </p>
+    <h2>What happened?</h2>
+    <ul>
+      <li>The sign-in page looked legitimate because it was Microsoft’s real login page.</li>
+      <li>The app name shown was a well-known service (e.g., Microsoft Teams).</li>
+      <li>You trusted the app name without checking the <strong>redirect URL</strong> or <strong>permissions requested</strong>.</li>
+    </ul>
+    <h2>How to protect yourself:</h2>
+    <ul>
+      <li>Always verify the <strong>redirect URI</strong> before granting consent.</li>
+      <li>Check the <strong>permissions requested</strong> – attackers often ask for more than they need.</li>
+      <li>If something feels off, stop and report it to IT Security.</li>
+    </ul>
+    <a hrefMore About Phishing Risks</a>
+  </div>
+  <footer>
+    © 2025 Security Awareness Program | This was a controlled simulation for training purposes.
+  </footer>
+</body>
+</html>
