Skip to main content
Purchase Order, Poisoned operation cover
COMING SOONBeginner

Purchase Order, Poisoned

A sales coordinator opened a malspam 'purchase order' and a finance workstation went quiet, then started talking to the internet. Follow the chain from a sender-spoofed email through an Equation Editor exploit, a rundll32 loader, Run-key persistence, and a hollowed system process to the FormBook stealer's HTTP command-and-control.

30m
6 tasks
25 points
Free

Launches today

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

EmailXDRSIEM

What you'll investigate

6 objectives unlock when this operation goes live.

1Trace the delivery
2Pin the exploited binary
3Recover the loader
4Find what is wearing a disguise
5Cut off the channel
6Classify the persistence

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever