Walk through actual security breaches step by step. These interactive case studies reconstruct real attacks so your team can learn from incidents that cost organizations millions.
Each case study traces the full attack chain from initial reconnaissance to final impact. No sign-up required. Free for individual learners.
Investigate Real Breaches
Each case study is based on a documented security incident. You will analyze the attack chain, identify the failures, and understand what should have been done differently.
Security training based on real breaches is more effective than hypothetical scenarios because employees see the actual consequences of the mistakes that led to each incident.
The MGM Resorts breach in September 2023 began with a single social engineering phone call to the IT helpdesk and resulted in over $100 million in losses, ten days of operational disruption, and the compromise of personal data belonging to millions of guests. The OneNote email attack case study traces a business email compromise scheme where attackers monitored an organization's inbox for weeks before sending a fraudulent invoice from a lookalike domain.
Each case study in this catalogue reconstructs the full attack chain from initial reconnaissance through to final impact, teaching employees to recognize the warning signs at every stage. These exercises are free, run in the browser, and require no account.
Frequently Asked Questions
Details about the real-world incidents covered in these case studies.
What is a OneNote email attack?
A OneNote email attack is a type of business email compromise where attackers use malicious OneNote file attachments or OneNote-themed lures to infiltrate corporate email. In documented cases, attackers gained access, silently monitored email threads for weeks, then registered lookalike domains to send fraudulent invoices that matched ongoing conversations.
How do attackers use lookalike domains in BEC fraud?
Attackers register domains that differ by one or two characters from the target company, such as swapping "rn" for "m" or adding a hyphen. After monitoring legitimate email chains, they inject themselves into invoice conversations using these near-identical domains. Recipients often miss the difference because the context, formatting, and timing all match real correspondence.
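A defensive check for the pattern described above, as an added example that is not part of the original case studies: it flags sender domains that collapse to a trusted domain once "rn"/"m" swaps and hyphens are normalized, or that sit within two character edits of one. The allow-list, domain names, and function names are constructed assumptions for illustration.

```python
# Constructed allow-list: domains the organization really exchanges invoices with.
TRUSTED = {"modernsupply.com", "example-vendor.com"}

def skeleton(domain: str) -> str:
    """Collapse the visual tricks named above: 'rn' read as 'm', added hyphens."""
    return domain.lower().rstrip(".").replace("rn", "m").replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_sender(address: str, trusted=TRUSTED, max_edits: int = 2):
    """Return (verdict, matched_trusted_domain) for a From address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Same skeleton but different spelling: an 'rn'/'m' or hyphen variant.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
        # Otherwise, "differs by one or two characters" from a trusted domain.
        if edit_distance(domain, good) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders, not taken from any real incident.
    for sender in ["billing@modernsupply.com",
                   "billing@rnodernsupply.com",
                   "ap@modern-supply.com",
                   "AP <ap@examplevendor.com>",
                   "news@unrelated.org"]:
        print(sender, "->", check_sender(sender))
```

A "lookalike" verdict on a message that changes payment details is a reason to verify through a known-good channel before paying; for very short trusted domains, lower `max_edits` to avoid flagging unrelated senders.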
How did the MGM Resorts breach happen in 2023?
The Scattered Spider threat group called MGM's IT helpdesk, impersonated an employee using publicly available LinkedIn information, and convinced staff to reset credentials. That single 10-minute phone call gave attackers initial access. They then deployed ALPHV/BlackCat ransomware, shutting down hotel systems, slot machines, and booking platforms. MGM reported over $100M in total impact.
What is Scattered Spider?
Scattered Spider is a financially motivated threat group known for social engineering attacks against large organizations. They specialize in helpdesk vishing, SIM swapping, and MFA fatigue attacks to gain initial access. The group has targeted major hospitality, technology, and telecommunications companies, often partnering with ransomware-as-a-service operators like ALPHV/BlackCat for the encryption and extortion phase.
Bring Case Study Training to Your Organization
These case studies are free and require no sign-up. Start investigating real incidents and apply the lessons to your own security program.