Active Incident

Network Intrusion Detected

You are the incident responder. An attacker is active on the internal network. Your job is to investigate logs, find clues, identify the attacker, access the compromised host, and contain the threat before more damage is done.

← Back to Home

CyberArena Live Mission

Operation: Silent Signal

A game-style incident response mission. Follow the clues, investigate artifacts, pivot into a Windows host, and contain the attacker.

Mission Objectives

  • Read the incident briefing
    Command: brief
  • Scan the internal network
    Command: nmap 10.10.10.0/24
  • Review suspicious authentication logs
    Command: cat logs/auth.log
  • Inspect suspicious artifact
    Command: cat artifacts/suspicious.txt
  • Identify attacker IP
    Command: whoisattack
  • SSH into compromised Windows host
    Command: ssh analyst@10.10.10.23
  • Find malicious process
    Command: Get-Process
  • Contain the attacker
    Command: contain-threat
  • Generate incident report
    Command: generate-report

Progress

0 / 9 objectives complete

Linux IR Jumpbox

CyberArena IR Terminal booting...
Loading incident workspace...
Connected to SOC jumpbox: ir-jump-01
Type 'help' to view available commands.
analyst@ir-jump-01:~$