
COMING SOONBeginner
Purchase Order, Poisoned
A sales coordinator opened a malspam 'purchase order' and a finance workstation went quiet, then started talking to the internet. Follow the chain from a sender-spoofed email through an Equation Editor exploit, a rundll32 loader, Run-key persistence, and a hollowed system process to the FormBook stealer's HTTP command-and-control.
30m
6 tasks
25 points
FreeLaunches today
Jul 3, 2026
Create your free accountFriday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
EmailXDRSIEM
What you'll investigate
6 objectives unlock when this operation goes live.
1Trace the delivery
2Pin the exploited binary
3Recover the loader
4Find what is wearing a disguise
5Cut off the channel
6Classify the persistence
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever