Some of our cyber simulator scenarios
This is only a taste of more than 200 possible scenarios
Detecting Compromised User Credentials
Logins at unusual hours, at unusual frequency, or accessing unusual data or systems
Anomalous Privilege Escalation
Users changing or escalating privileges for critical systems
Command and Control Communication
Discover malware communicating with external attackers
Data Exfiltration
Insertion of USB thumb drives, use of personal email services, unauthorized cloud storage or excessive printing
Advanced Persistent Threats (APTs)
Suspicious anomaly detection on multiple servers and endpoints
Phishing Attack
Obtain sensitive information used in fraud and impersonation
Denial of Service (DoS) Attacks
Identifying unusual traffic from organization devices, which might be leveraged by an attacker to perform an attack.
Email Forwarding
Detecting emails forwarded or sent to entities other than the stated recipient
Lateral Movement
Attackers attempting to escalate privileges or access other IT systems on their way to a lucrative target
Abnormal behavior (User/Network)
Monitor off-hours logins to an F5 SSL-VPN by users identified as VIP users
Trojan Found
Detects malware downloaded from a suspicious URL (used by Lazarus)
User Accounts
Privileged user accounts were breached
GOV Intelligence
Wiper variant found in c:\windows\system32 after adding GOV Intel IOCs to monitoring
Trojan
Phorpiex Breakdown Malware – Blocked by EDR (File path: C:\WINDOWS\system32\)
Data Leak
An ntds.dit file was created in the C:\windows\temp directory
Scans/Probes
Suspicious communication from a suspicious source to an internal asset
Unauthorized access/action
The event log containing the audit log was cleared
Anti-virus Monitoring
Protection disabled, antivirus removed, or status of threat updates.
DNS Tunneling
Regular DNS requests to known bad domains indicate a compromised system communicating with a C2 server
Suspicious communication
Ivanti Alert on Exploit Signature Detection (CVE-2023-32560)
Suspicious communication from a suspicious source via port 8443
Ransomware
Detects suspicious hacking-related Windows command-line commands