
Weaponized SVG: Hidden JavaScript in an Image Attachment
A treasury analyst at a bank opens a SWIFT-themed phishing email carrying an SVG attachment. The image is XML that smuggles Base64-encoded JavaScript; clicking "Download PDF" writes a ZIP to disk instead of a PDF. Inside the ZIP is a JavaScript downloader that wscript.exe runs, pulling a Java loader from an Amazon S3 bucket that deploys the Blue Banana RAT. Walk the email gateway, file artifacts, and endpoint process tree step by step, from the spoofed sender to the C2 beacon.
Launches in 4 days
Tuesday, July 7, 2026 at 9:00 AM
What you'll investigate
6 objectives unlock when this operation goes live.