Customer prefix hijack + abnormal DNS volume from internal resolver to attacker AS
A hard Cyber × Network Fusion scenario on BGP Hijack + DNS Exfil.
Your response is scored by the same deterministic rubric used across the catalog. This scenario is one of 4 templates in this Track + Difficulty pool.
catalog id · fusion-bgp-hijack-dns-exfil
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- DNS-and-routing correlated triage
- Layered egress containment discipline
- Application Layer Protocol · Command and Control · T1071 · TA0011 · Mapped · High confidence
Trains correlated triage of DNS-channel egress and routing anomalies.
- Data Manipulation · Impact · T1565 · TA0040 · Partial · Medium confidence
Trains scoping when routing manipulation enables data redirection.
- Network Traffic Analysis · D3-NTA · Mapped · High confidence
Trains the visibility posture across the DNS plane and routing tiers.
- Network Traffic Filtering · D3-NTF · Mapped · Medium confidence
Trains the outbound-filtering control once the channel is scoped.
- Anomalies and Events · Detect · DE.AE · DE · Mapped · High confidence
Trains anomaly-detection reasoning across DNS and routing telemetry.
- IR lifecycle phase · Detection & Analysis · Mapped · High confidence
Trains correlated DNS-and-routing triage.
- IR lifecycle phase · Containment, Eradication & Recovery · Mapped · High confidence
Trains layered containment across egress and routing tiers.
- Detecting Relevant Threats and TTPs · 3.A · Mapped · High confidence
Trains the detection-engineering baseline.
- Document Network Topology · 2.M · Mapped · High confidence
Trains the topology baseline.
- Network Monitoring and Defense · Control 13 · Mapped · High confidence
Trains the monitoring control across multiple planes.
- Network Infrastructure Management · Control 12 · Mapped · High confidence
Trains the network-management control.