Public-facing IIS server hosting unfamiliar .aspx — w3wp spawned cmd.exe + net use to internal file server
A hard Cybersecurity scenario on Web Shell + Lateral Movement.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · web-shell-lateral-iis-fileserver
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Web-server persistence triage
- Lateral-movement scoping discipline
- Server Software Component · Persistence · T1505 · TA0003 · Mapped · High confidence
Trains web-server persistence triage on a public-facing host.
- Remote Services · Lateral Movement · T1021 · TA0008 · Mapped · High confidence
Trains defensive scoping of lateral movement from the compromised host.
- File Analysis · D3-FA · Mapped · High confidence
Trains file-analysis triage on web directories.
- Process Activity Analysis · D3-PAU · Mapped · High confidence
Trains process-activity review on the web host.
- Network Traffic Analysis · D3-NTA · Mapped · Medium confidence
Trains east-west visibility scoping.
- Continuous Monitoring · Detect · DE.CM · DE · Mapped · High confidence
Trains detection reasoning on web-server posture.
- IR lifecycle phase · Containment, Eradication & Recovery · Mapped · High confidence
Trains scoped containment of a compromised web host.
- Mitigating Known Vulnerabilities · 1.E · Mapped · High confidence
Trains the vuln-mitigation baseline behind web-server hardening.
- Detecting Relevant Threats and TTPs · 3.A · Mapped · High confidence
Trains the detection baseline the scenario depends on.
- Application Software Security · Control 16 · Mapped · High confidence
Trains the application-software control the scenario exercises.
- Network Monitoring and Defense · Control 13 · Mapped · Medium confidence
Trains the east-west monitoring control.