Receptionist plugged in USB labeled 'Q2 Bonus' — EDR flagged PowerShell launch

A easy Cybersecurity scenario on Suspicious USB Device.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.

catalog id · usb-drop-lobby-bonus

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains

Removable-media awareness discipline
Safe-handling response to unknown devices

MITRE ATT&CKmitre-attack

Replication Through Removable Media · Initial AccessT1091 · TA0001
MappedHigh confidence
Trains triage of an unknown removable-media drop in a public area.

MITRE D3FENDmitre-d3fend

Per-Host Application WhitelistingD3-PAN
MappedMedium confidence
Trains the host-control posture that limits unknown-binary execution.

NIST CSF 2.0nist-csf-2

Access Control · ProtectPR.AC · PR
MappedHigh confidence
Trains physical and endpoint-access posture for unsolicited media.

NIST SP 800-61r3nist-sp-800-61r3

IR lifecycle phaseDetection & Analysis
MappedHigh confidence
Trains initial response to a found-USB awareness report.

CISA Cybersecurity Performance Goalscisa-cpg

Basic Cybersecurity Training2.F
MappedHigh confidence
Trains the awareness baseline the scenario exercises.

CIS Controls v8cis-controls

Security Awareness and Skills TrainingControl 14
MappedHigh confidence
Trains the user-side awareness control.
Malware DefensesControl 10
MappedMedium confidence
Trains the endpoint-defense control invoked when the media is examined safely.