Workstation issuing ~5,000 long-subdomain DNS queries / hour to one 4-day-old TLD — no matching TCP/UDP outbound, design CAD files accessed
A hard Cybersecurity scenario on DNS Tunneling Exfiltration.
Start a graded attempt against this scenario (one of 5 templates in this Track + Difficulty pool). Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Catalog id: dns-tunnel-exfil-design-engineer
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- DNS-tunnel pattern recognition
- Anomaly-driven outbound scoping
| Mapped item | ID | Status | Confidence | What it trains |
|---|---|---|---|---|
| Application Layer Protocol · Command and Control | T1071 · TA0011 | Mapped | High | DNS-channel triage for suspected exfiltration |
| Exfiltration Over Alternative Protocol · Exfiltration | T1048 · TA0010 | Mapped | Medium | Scoping of non-standard exfil channels |
| Network Traffic Analysis | D3-NTA | Mapped | High | The DNS-traffic visibility posture the scenario centers on |
| Network Traffic Filtering | D3-NTF | Mapped | Medium | The outbound-filtering control once the domain is scoped |
| Anomalies and Events · Detect | DE.AE · DE | Mapped | High | Anomaly-detection reasoning on DNS telemetry |
| IR lifecycle phase | Detection & Analysis | Mapped | High | DNS-pattern triage and scoping |
| IR lifecycle phase | Containment, Eradication & Recovery | Mapped | High | DNS-based containment workflow |
| Detecting Relevant Threats and TTPs | 3.A | Mapped | High | The detection-engineering baseline the scenario exercises |
| Network Monitoring and Defense | Control 13 | Mapped | High | The network-monitoring control the scenario exercises |
| Audit Log Management | Control 8 | Mapped | Medium | The DNS-log review the response depends on |