All of CYRIN's attack scenarios (Level 3).

In this exercise, the student plays the role of a security admin of an enterprise network. They are asked to investigate a potential malware-based attack.

The student is told that an intrusion detection system has seen periodic outgoing connections from a computer within the enterprise network to a computer on the Interent. The student must block the outgoing traffic, determine the computer from which the traffic is originating, find the malware on that computer, examine it to see what information is being sent out, and stop the attack.


  • Familiarity with the Linux/UNIX command line (shell commands)
  • Basics of the TCP/IP network protocol stack
  • Exposure to tools such tcpdump
  • Some knowledge of administering a pfSense firewall including editing rules and viewing logs

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.


Included if you are a subscriber to any of the following training packages:

  • Level 3: Utility Under Attack Scenarios, Attack/Defense/IR Exercises, & Instructional Labs
Attack Scenario