IntermediateSIEMXDRFirewall

Malware Investigation: RedLine Stealer Infostealer Campaign

Investigate a RedLine Stealer infection originating from a malicious 'Netflix Checker' application. Analysts will trace the execution from the initial dropper to the final payload, identify the specific sensitive data targeted (browsers, crypto wallets, VPNs), and analyze the SOAP-based C2 communication used for exfiltration.

9 tasks

150 points

Free

Start this operation

Create your free account and begin immediately.

Get Early Access — Free

Free forever — no credit card required

Investigation Tasks

Complete each task by investigating alerts and submitting your findings.

Identifying the Initial Entry Point

SOC{domain_name}Hint available

Dropper Execution and Decryption

SOC{sha256_hash}Hint available

Analyzing Payload Masquerading

SOC{filename}Hint available

Brute Force Source Identification

Identify the external IP address that successfully gained access to the FIN-WS-01 workstation via a RemoteInteractive logon after multiple failed attempts.

SOC{...}Hint available

Profiling the Victim's Location

SOC{domain_or_url}Hint available

Crypto Wallet Discovery

SOC{wallet_name}Hint available

Persistence Mechanism

SOC{filename}Hint available

C2 Infrastructure Identification

SOC{domain:port}Hint available

Analyzing Exfiltration Volume

SOC{bytes_sent} - Just the numberHint available

9 tasks · 150 points total

Start investigation

Training Tools

SIEM Console

Log analysis & SPL queries

XDR Console

Endpoint detection & response

Firewall Console

Network traffic analysis

Skills You'll Build

Investigate realistic security alerts

SIEM log analysis

XDR log analysis

Firewall log analysis

MITRE ATT&CK technique identification

Triage decisions: escalate, investigate, or close

Evidence collection and documentation

Job-ready incident response methodology

Intermediate

Requires foundational alert triage skills. Multiple data sources to correlate.

Prerequisites

Basic understanding of security alerts
Familiarity with SIEM concepts
Familiarity with XDR concepts
Familiarity with Firewall concepts

Ready to investigate?

Create your free account and begin immediately.

Get Early Access — Free

Free forever — no credit card required

More Operations

View all

BeginnerSIEMXDR

ClickFix: The Fake CAPTCHA Trap

Investigate a modern 'ClickFix' social engineering attack where a user was tricked into executing a malicious PowerShell command via a fake CAPTCHA interface. You will analyze SIEM and XDR telemetry to trace the infection from the initial web lure to the deployment of an infostealer.

30m20 pts

BeginnerSIEMXDR

Phishing Investigation: ZipLine Supply Chain Campaign

Investigate a sophisticated social engineering campaign targeting manufacturing supply chains. You will analyze a 'reversed' phishing flow where attackers use 'Contact Us' forms to trick employees into initiating email conversations, leading to the deployment of the custom MixShell in-memory implant via DNS tunneling.

45m75 pts

BeginnerSIEM

Credential Harvesting: The Lookalike Login

An investigation into a modern phishing campaign targeting critical infrastructure. You will analyze email headers for domain spoofing, identify 'Paste and Run' execution chains, and track the delivery of the LummaC2 information stealer through SIEM logs.

30m20 pts