4.8 GB outbound from production web server to low-reputation IP overnight

A hard Cybersecurity scenario on Suspicious Outbound.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.

catalog id · suspicious-outbound-exfil

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains

Outbound-anomaly recognition
Network-level containment under uncertainty

MITRE ATT&CKmitre-attack

Exfiltration Over C2 Channel · ExfiltrationT1041 · TA0010
MappedHigh confidence
Trains defensive recognition of anomalous outbound data flows.

MITRE D3FENDmitre-d3fend

Network Traffic AnalysisD3-NTA
MappedHigh confidence
Trains the traffic-analysis posture the scenario exercises.
Network Traffic FilteringD3-NTF
MappedMedium confidence
Trains the outbound-filtering response once the destination is scoped.

NIST CSF 2.0nist-csf-2

Anomalies and Events · DetectDE.AE · DE
MappedHigh confidence
Trains anomaly-detection reasoning on outbound flows.

NIST SP 800-61r3nist-sp-800-61r3

IR lifecycle phaseDetection & Analysis
MappedHigh confidence
Trains anomaly triage on traffic baselines.
IR lifecycle phaseContainment, Eradication & Recovery
MappedMedium confidence
Trains network-level containment of suspected exfil endpoints.

CISA Cybersecurity Performance Goalscisa-cpg

Detecting Relevant Threats and TTPs3.A
MappedHigh confidence
Trains the detection-engineering baseline for outbound anomalies.

CIS Controls v8cis-controls

Network Monitoring and DefenseControl 13
MappedHigh confidence
Trains the network-monitoring control the scenario exercises.
Network Infrastructure ManagementControl 12
MappedMedium confidence
Trains the network-management discipline behind safe blocks.