Lab Dashboard
Status Overview
Incident Timeline
Anomalous persistence mechanism observed in scheduled tasks. Process hollowing technique consistent with Basilisk family. Specimen isolated for analysis. Host quarantined.
Encrypted outbound traffic to unknown host on port 443. HTTPS mimicry. Traffic pattern consistent with Gremlin class lateral movement. Blocked at perimeter. Origin under investigation.
Perimeter audit completed. 4 external-facing services reviewed. 2 misconfigurations documented. Remediation checklist issued. No active intrusions at time of assessment.
Findings Register
| Ghost # | Classification | Severity | Status | Detected |
|---|---|---|---|---|
| Ghost #07 | Basilisk · Persistence | Critical | In Analysis | 2025-01-13 |
| Ghost #04 | Gremlin · C2 Beacon | High | Contained | 2025-01-11 |
| Ghost #02 | Specter · Recon | Medium | Logged | 2025-01-08 |
| Ghost #01 | Wraith · Misconfiguration | Low | Exorcised | 2025-01-08 |
Intercepted Scrolls
Updated behavioral signatures for Ghost #07 class. New persistence via WMI subscriptions. IOCs updated in detection rules. Review your WMI audit logs.
Received: 2025-01-12Third-party library in your dependency tree flagged for suspicious commit. Recommend pinning versions and auditing build pipeline for tampering.
Received: 2025-01-09Remediation Rites
- Isolate affected host and preserve volatile memory image
- Block C2 egress at perimeter firewall — Ghost #04
- Remediate misconfiguration findings from initial audit
- Complete behavioral analysis of Ghost #07 specimen
- Audit WMI subscriptions across all endpoints
- Pin dependency versions and review build pipeline integrity
Academy
No lessons published yet.
Introduction to the nature of numbers — foundations of mathematical thought.
No lessons published yet.