You are a Tier 1 cybersecurity SOC analyst at a 1,800-employee financial services firm. Your shift starts at 7am Eastern. Overnight, a phishing email impersonating a third-party invoicing brand landed in eight inboxes. One user clicked the link, entered their password on a credential-harvesting page, and approved an MFA push.
The EDR raised an alert on the user's laptop thirty minutes after credential entry: an unusual PowerShell process spawned by Outlook. The endpoint is still online. The user is on PTO this week.
Your job for this scenario is to read the artifacts, identify the technique, scope the impact, and pick the correct first response. Each step has progressive hints if you get stuck. Using a hint reduces the step score by the listed amount.
One ordered pass through every step. No clock. Each answer scores against the canonical solution.
Hints reduce the points you can earn for that step. Free-text steps queue for manual review.