Let's go threat hunting
You are a security analyst, and your objective is to safeguard your organization from cyberthreats. On this mission you are about to embark on, you will be challenged with 10 common network security scenarios.
Complete all 10 levels correctly, and you will be a winner!
You will see security events in the form of reports and images. Look at the image for each level and click the correct option from the available options.
Remember—the devil is in the details.
It could be a red flag if an email from a seemingly reliable source does not specifically address you by name. Phishing emails use common generic greetings such as “dear sir/madam,” “dear user,” or “dear valued member.”
Phishing emails are frequently not personalized. The attackers might not know your name.
Attackers exploit the visual similarities between characters to spoof popular domain names and direct users to malicious URLs. Attackers have been seen using Cyrillic characters that look almost identical to their Latin counterparts.
Does the domain name look familiar? Look again.
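As an added example (not part of the game or of Log360), a small Python check for the look-alike domains described above: it records which Unicode script each letter of a DNS label belongs to and flags labels that mix scripts, which is the classic homoglyph pattern. The sample domains are constructed, and the script-name heuristic is this example's assumption, not a product feature.

```python
import unicodedata
from typing import Dict, List, Set


def label_scripts(label: str) -> Set[str]:
    """Scripts used by the letters of one DNS label, taken from the first word of
    each character's Unicode name ('CYRILLIC SMALL LETTER A' -> 'CYRILLIC').
    Digits and hyphens are script-neutral and are skipped."""
    scripts: Set[str] = set()
    for ch in label:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            if name:
                scripts.add(name.split()[0])
    return scripts


def analyze_domain(domain: str) -> Dict[str, object]:
    """Return per-label script sets plus two flags a detection rule can key on:
    mixed_script - a single label mixes scripts (strong homoglyph signal)
    non_latin    - any label uses a script other than Latin (legitimate for real
                   IDNs, so treat it as a weaker signal and compare to known brands)
    The punycode (xn--) form is what appears in DNS and proxy logs."""
    labels = domain.strip().rstrip(".").lower().split(".")
    scripts: List[Set[str]] = [label_scripts(lbl) for lbl in labels]
    try:
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None  # not a valid IDN label; still worth a look
    return {
        "labels": labels,
        "scripts": scripts,
        "mixed_script": any(len(s) > 1 for s in scripts),
        "non_latin": any(s - {"LATIN"} for s in scripts),
        "punycode": punycode,
    }


if __name__ == "__main__":
    # Constructed samples: the second uses Cyrillic U+0430 in place of Latin 'a'.
    for d in ("paypal.com", "p\u0430ypal.com", "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444"):
        r = analyze_domain(d)
        print(d, r["punycode"], "MIXED-SCRIPT" if r["mixed_script"] else "ok")
```

Run it against the hostnames in your proxy or DNS logs; a hit on `mixed_script` for a name that renders like a well-known brand is the case the hint above is pointing at.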
Attackers exploit ad space in legitimate advertising networks by injecting code or graphics to redirect users. This technique is called malvertising.
Check the link at the bottom. Is it the same as the one shown in the ad?
Graph 1 depicts over 100 malicious events detected on a specific endpoint by threat intelligence sources. Graph 2 shows that multiple requests from the same device have been denied, implying that connections to restricted IPs or URLs have been observed.
The most affected endpoint is the one with the highest number of denied connections.
The same user logging on from multiple devices could be an indication of account compromise or unauthorized access. It is also wise to check the geolocations of client IP addresses.
Is it common for a user to log on from multiple devices in a short interval?
A user sending sensitive files to an external or personal email could be a sign of data exfiltration. Admins can classify files as public, internal, sensitive, or restricted according to the organizational policy by using Log360.
Can users send files classified as sensitive by the policy?
An upload of a high volume of data to a third-party application can indicate an attempt at data exfiltration.
Look at the upload size.
The %APPDATA% folder and the %TEMP% folder in the system are the two main locations where malware is commonly executed. This is because many Windows application files are created in these directories, which are often overlooked by security analysts.
Do processes execute from the Temp directory?
One common behavior of ransomware is to create or modify files with unfamiliar extensions. In most cases, ransomware attacks will either append a ransom note to the affected folders or change the file extensions of the encrypted files. This is intended to indicate to the victims that their files have been encrypted.
Look at the file extensions.
Attackers embed malicious macros in Microsoft Word documents or Excel sheets to execute PowerShell scripts to download malware onto victims' machines. These legitimate-looking documents spawn a PowerShell process to execute commands when opened.
Do DOCX files spawn a PowerShell process?
More levels await you in the real world. It's time to level up your cybersecurity game. Find out how Log360 Cloud can help you with the security use cases you just saw and more.
When you sign up, you also get a free, 30-day, fully functional trial of Log360 Cloud!
Log360 Cloud is a cloud SIEM solution with integrated CASB capabilities. With Log360 Cloud, you can:
The game is compatible only with desktop devices.