NorthLedger Financial Services has contacted your team after detecting suspicious outbound traffic from its corporate network. The SOC believes a user may have executed a malicious recruitment or vendor-portal file. You have been given a PCAP from the relevant network segment. Your task is to determine whether the organisation is compromised, identify the affected host, extract indicators and explain the likely attacker behaviour.
Haystack
| Difficulty | |
| Score | |
| Tags |
Defensive
Entry Level
|
| Completions | |
| Rating |
Defensive
Entry Level
Activity
| Lab Released | 2026-05-29 12:55:00 | |
 rayaseiren got 1st blood |
2026-06-02 18:14:12 | |
 noother got 2nd blood |
2026-06-10 00:28:55 | |
 Fhyyto got 3rd blood |
2026-06-11 19:30:42 | |
 R00ts3c got 4th blood |
2026-06-17 11:07:08 | |
|
Diddy got 5th blood |
2026-06-22 11:16:42 |
