Let's go threat hunting
You are a security analyst, and your objective is to safeguard your organization from cyberthreats. On this mission, you will be challenged with 10 common network security scenarios.
Complete all 10 levels correctly, and you will be a winner!
You will see security events in the form of reports and images. Hover your cursor over the image for each level and click the correct option from the available options.
Remember—the devil is in the details.
It could be a red flag if an email from a seemingly reliable source does not specifically address you by name. Phishing emails use common generic greetings such as “dear sir/madam,” “dear user,” or “dear valued member.”
Attackers exploit the visual similarities between characters to spoof popular domain names and direct users to malicious URLs. Attackers have been seen using Cyrillic letters that look like Latin letters.
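One way to check a domain for this kind of spoofing is sketched below. It is an added example, not part of the original game or of Log360. The look-alike table is a small constructed subset, and the protected-domain list and sample domains are assumptions chosen for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones
# (assumption: a production check would use the full Unicode confusables data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def script_of(ch):
    """Coarse script name taken from the first word of the Unicode name."""
    if not ch.isalpha():
        return "COMMON"  # digits and hyphens belong to no single script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]  # LATIN, CYRILLIC, ...

def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode; leave others as-is."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def skeleton(label):
    """Map known look-alike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_domain(domain, protected):
    """Return a list of findings for one domain seen in a URL or email."""
    findings = []
    labels = [decode_label(part) for part in domain.split(".")]
    for label in labels:
        scripts = {script_of(ch) for ch in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in '{label}': {sorted(scripts)}")
    original = ".".join(labels).lower()
    folded = ".".join(skeleton(label) for label in labels)
    # An all-Cyrillic label passes the mixed-script test, so also compare the
    # folded form against the domains the organization wants to protect.
    if folded != original and folded in protected:
        findings.append(f"look-alike of protected domain '{folded}'")
    return findings

if __name__ == "__main__":
    protected = {"example.com", "scope.example"}  # constructed watchlist
    for d in ["example.com", "\u0435\u0445ample.com",
              "\u0455\u0441\u043e\u0440\u0435.example"]:  # constructed samples
        print(ascii(d), check_domain(d, protected))
```

The third sample is written entirely in Cyrillic, so it is caught only by the protected-domain comparison, not by the mixed-script test.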
Attackers exploit ad space in legitimate advertising networks by injecting code or graphics to redirect users. This technique is called malvertising.
Graph 1 depicts over 100 malicious events detected on a specific endpoint by threat intelligence sources. Graph 2 shows that multiple requests from the same device have been denied, implying that connections to restricted IPs or URLs have been observed.
The same user logging on from multiple devices could be an indication of account compromise or unauthorized access. It is also wise to check the geolocations of client IP addresses.
A user sending sensitive files to an external or personal email could be a sign of data exfiltration. Admins can classify files as public, internal, sensitive, or restricted according to the organizational policy by using Log360.
An upload of a high volume of data to a third-party application can indicate an attempt at data exfiltration.
The %APPDATA% folder and the %TEMP% folder in the system are the two main locations where malware is commonly executed. This is because many Windows application files are created in these directories, which are often overlooked by security analysts.
One common behavior of ransomware is to create or modify files with unfamiliar extensions. In most cases, ransomware attacks will either append a ransom note to the affected folders or change the file extensions of the encrypted files. This is intended to indicate to the victims that their files have been encrypted.
Attackers embed malicious macros in Microsoft Word documents or Excel sheets to execute PowerShell scripts to download malware onto victims' machines. These legitimate-looking documents spawn a PowerShell process to execute commands when opened.
More levels await you in the real world. It’s time to level up your cybersecurity game. Find out how Log360 can help you with the security use cases you just saw and more.
When you sign up, you also get a free, 30-day, fully functional trial of Log360!
Log360 is a comprehensive SIEM solution with integrated DLP and CASB capabilities. With Log360, you can:
The game is compatible only with desktop devices.