
Shortcut to Compromise: LNK-in-Archive PowerShell Phishing
A finance clerk at Brightwater Logistics opens an invoice-themed ZIP and double-clicks a shortcut disguised as a document. The shortcut launches an obfuscated PowerShell loader that drops a CAB archive, expands it, runs a VBScript and batch chain, sets registry persistence, and beacons to attacker C2. Walk the mail gateway and endpoint logs step by step to trace the delivery, the loader, the persistence, and the callout.
Launches tomorrow
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever