Break the Kill Chain
A rapid drag-and-drop micro-CTF to test how quickly you can spot and stop an attack sequence. Beat the clock, submit your order, and see where Unit6 would have intercepted the playbook.
Estimated time: 30–45 seconds • Audience: Threat Intel, SOC, CISOs
Drag the steps into the correct attack sequence before time runs out.
Attack Events
Command & Control
Internal recon for high-value file servers
With a foothold, the attacker enumerates file servers, shares, and user access to map lucrative targets.
Actions on Objectives
Ransomware triggered across endpoints
Ransomware is executed on selected endpoints to maximize disruption and ransom leverage.
Exploitation
ISO opened, loader drops Cobalt Strike on 50050
The user mounts the ISO and executes an embedded loader that deploys a Cobalt Strike beacon listening on port 50050.
Delivery
Malicious ISO delivered to finance lead
A well-crafted spear-phish delivers an ISO attachment to a finance stakeholder, leveraging urgency and trust.
Installation
Beacon calls out to compromised VPS C2
The beacon establishes command and control to a domain hosted on a compromised VPS, blending with normal outbound traffic.
Actions on Objectives
Data exfil via Dropbox/cloud storage token
Sensitive data is staged and moved out via cloud storage tokens to evade perimeter egress controls.
Results
Submit your order to see which steps you nailed and where the attacker really moved next.