
COMING SOONIntermediatePRO
Hide Your RDP
An internet-facing RDP server at a logistics firm is password-sprayed into, and within hours a RansomHub affiliate dumps credentials, pivots to the domain controller and backup servers, steals finance data over SFTP, and deploys ransomware. Work the authentication records, the endpoint process tree, and the perimeter traffic to reconstruct the intrusion end to end.
1h
6 tasks
50 points
ProLaunches in 5 days
Jul 14, 2026
View Pro plansTuesday, July 14, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
SIEMXDRFirewall
What you'll investigate
6 objectives unlock when this operation goes live.
1Find the account that fell to the spray
2Pin the foothold source
3Catch the directory theft
4Name the persistence agent
5Follow the data out
6Classify the recovery sabotage
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 14, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever