Interactive E-Skimming Labs
Hands-on cybersecurity training for understanding and defending against payment card skimming attacks
Available Labs
Choose from our interactive labs designed to teach you about different e-skimming attack techniques and defense strategies.
Basic Magecart Attack
Learn the fundamentals of payment card skimming attacks through JavaScript injection. Understand how attackers compromise e-commerce sites, intercept form submissions, and exfiltrate credit card data. Practice detection using browser DevTools and implement basic defensive measures.
Start LabDOM-Based Skimming
Master advanced DOM manipulation techniques for stealthy payment data capture. Learn real-time field monitoring, dynamic form injection, Shadow DOM abuse, and DOM tree manipulation. Understand how attackers bypass traditional detection methods.
Start LabBrowser Extension Hijacking
Explore sophisticated browser extension-based attacks that exploit privileged APIs and persistent access. Learn about content script injection, background script persistence, cross-origin communication, and supply chain attacks through malicious extensions.
Start LabSteganography / Favicon Trojan
Learn how attackers hide malicious payloads inside innocent-looking images like favicons. Understand steganography techniques, how browsers process image data, and how to detect hidden code in media files.
Start LabLearning Resources
Explore our comprehensive resources to deepen your understanding of e-skimming attacks.
MITRE ATT&CK Framework
Explore the comprehensive MITRE ATT&CK matrix specifically tailored for e-skimming attacks and payment card fraud.
View ATT&CK MatrixInteractive Threat Model
Visualize attack vectors and understand the threat landscape with our interactive threat modeling tool.
Explore Threat Model