Episode 4 of 5
Wednesday, 9:00 AM. They're already inside. Stolen credentials are being used across the network. Find out where and how far they went.
This episode focuses on the investigation skills below. Sign up to work the live case — no spoilers, answers, or IOCs are shown here.
Inspect phishing emails, headers, and indicators the way a SOC email specialist would.
Correlate SIEM events into a timeline and follow the attack across systems.
Review process activity and persistence clues on compromised hosts.
Follow one incident from first alert to containment across five episodes.