
COMING SOONAdvancedPRO
Rhysida Ransomware: Healthcare Network Intrusion
A Rhysida ransomware affiliate phishes a healthcare staff member's VPN credentials and exploits a stale MFA exemption to breach a regional medical center. Using a Cobalt Strike beacon and built-in Windows tools, the attacker extracts all domain credentials, exfiltrates patient records for double extortion, and deploys the encryptor estate-wide. Trace the kill chain from the first failed VPN login to the final ransom note.
1h 30m
7 tasks
150 points
ProLaunches today
Jul 3, 2026
View Pro plansFriday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
SIEMXDRFirewall
What you'll investigate
7 objectives unlock when this operation goes live.
1Establish the entry point
2Attribute the first successful tunnel
3Find the credential theft method
4Locate the command-and-control channel
5Track the data out
6Name the privileged account used post-DC
7Classify the pre-encryption disruption
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever