Episode 5 of 5
Thursday, 7:30 AM. Time to end this. Isolate the threat, find the persistence, and close out your first real incident.
This episode focuses on the investigation skills below. Sign up to work the live case — no spoilers, answers, or IOCs are shown here.
Correlate SIEM events into a timeline and follow the attack across systems.
Review process activity and persistence clues on compromised hosts.
Cross-check IOCs and campaign context to decide what is noise and what is real.
Follow one incident from first alert to containment across five episodes.