
The Backdoored Browser Extension: Following the C2 Beacon
A routine Chrome auto-update silently trojanized a productivity extension on a finance workstation at Halverson Logistics. The extension beaconed to an attacker C2 domain, harvested the analyst's session cookies and an API token, and exfiltrated them to a VULTR-hosted server. With no malware on disk, the proxy and firewall logs are the only trail. Walk them step by step to trace the beacon, the theft, and the exfiltration.
Launches in 5 days
Tuesday, July 7, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 7, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever