Scenario library

Masonry grid, editor strip, and headline search mirror a newsroom archive: you skim, pin, and open only the investigations that match your desk mandate.

Search scenarios

Filter by tag

Editor's wire

Seoul Metro Credential Spray Replay

Walk through a noisy authentication spike, separate automation from human-driven attempts, and document a defensible timeline for leadership.

CloudTrail Drift: Shadow Admin Keys

Hunt for dormant privileged identities that reappear after control changes, using cloud-native logs without jumping to conclusions.

Hangang Ransom Note Linguistics Lab

Practice extracting actionable indicators from extortion language while avoiding melodramatic attribution claims.

6 training scenarios in the masonry grid.

ProxyLog Canvas: Log Analysis Sprint

Compress a week of reverse-proxy logs into a defendable story about credential stuffing versus misrouted API clients.

Supply-Chain Package Poisoning Desk

Trace a poisoned dependency update through build logs, package hashes, and CI alerts without accusing vendors recklessly.

Insider Pattern: Quiet Exfiltration Drills

Evaluate slow data movement that could be research—or theft—using DLP-style clues without vilifying employees.

Kubernetes Audit Noise Workshop

Turn hyperactive Kubernetes audit streams into prioritized investigation threads for platform and SOC teams.

BEC Playbook: Vendor Email Thread Forensics

Reconstruct a business email compromise thread with header forensics, tone shifts, and banking-change validation steps.

OT Adjacency: ICS Telemetry Crossover

Read low-volume OT-adjacent telemetry alongside IT alerts to spot maintenance windows masquerading as incidents.