Guest VLAN: rogue DHCP redirecting users to a fake SSO portal
A easy Cyber × Network Fusion scenario on Rogue DHCP MITM.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 3 templates in this Track + Difficulty pool.
catalog id · fusion-rogue-dhcp-mitm
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Layer-2 MITM triage
- Access-port isolation discipline
- Adversary-in-the-Middle · Credential AccessT1557 · TA0006MappedHigh confidence
Trains triage of MITM-style redirection on a layer-2 segment.
- Network Traffic AnalysisD3-NTAMappedHigh confidence
Trains layer-2 visibility reasoning for redirection symptoms.
- Inbound Connection FilteringD3-IBCAMappedMedium confidence
Trains the inbound-filtering posture (DHCP snooping).
- Continuous Monitoring · DetectDE.CM · DEMappedHigh confidence
Trains the monitoring discipline on access-layer telemetry.
- IR lifecycle phaseDetection & AnalysisMappedHigh confidence
Trains triage of MITM symptoms.
- IR lifecycle phaseContainment, Eradication & RecoveryMappedHigh confidence
Trains source-port isolation workflow.
- Document Network Topology2.MMappedHigh confidence
Trains the topology baseline.
- Detecting Relevant Threats and TTPs3.AMappedMedium confidence
Trains the threat-detection baseline.
- Network Infrastructure ManagementControl 12MappedHigh confidence
Trains the network-management control.
- Network Monitoring and DefenseControl 13MappedHigh confidence
Trains the monitoring control the scenario exercises.