Walk through actual breaches step by step. Reconstruct each attack chain and identify the warning signs at every stage.
2 interactive case studies based on documented incidents. Free to play, no sign-up required.
Each case study is based on a documented security incident. You will analyze the attack chain, identify the failures, and understand what should have been done differently.
Trace a real BEC scam built on weeks of inbox surveillance.
A business email compromise (BEC) is a targeted attack where criminals infiltrate or spoof a trusted contact's email to redirect payments. This exercise reconstructs a real incident originally documen...
Relive the 10-minute helpdesk call that cost $100M.
The September 2023 MGM Resorts breach is one of the most expensive social engineering attacks in corporate history, costing an estimated $100 million in lost revenue and remediation. This exercise wal...
Attackers register domains that differ by one or two characters from the target company, such as swapping "rn" for "m" or adding a hyphen.
After monitoring legitimate email chains, they inject themselves into invoice conversations using these near-identical domains. Recipients often miss the difference because the context, formatting, and timing all match real correspondence.
The Scattered Spider threat group called MGM's IT helpdesk, impersonated an employee using publicly available LinkedIn information, and convinced staff to reset credentials. That single 10-minute phone call gave attackers initial access.
They then deployed ALPHV/BlackCat ransomware, shutting down hotel systems, slot machines, and booking platforms. MGM reported over $100M in total impact.
Scattered Spider is a financially motivated threat group known for social engineering attacks against large organizations. They specialize in helpdesk vishing, SIM swapping, and MFA fatigue attacks to gain initial access.
The group has targeted major hospitality, technology, and telecommunications companies, often partnering with ransomware-as-a-service operators like ALPHV/BlackCat for the encryption and extortion phase.
Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.