Objective
Gain VPN access to an internal corporate network by tricking an employee.
Scenario details
Phases
Deliverable
Phishing email template, proxy logs, and recommendation: security awareness training + hardware tokens.
The Hackviser’s retinal display flickered, overlaying the office’s mundane potted plants with heat signatures and data streams. The mark’s smartwatch was the entry point — a classic zero-day in the sync protocol.
“Slow,” whispered the voice in his ear. His adviser, an AI with a conscience coded in debt. “Security drone cycle is 47 seconds. You have 32 before the next sweep.”
He didn’t type. He thought. Neural interface pulsed — a single SQLi command injected via the building’s IoT air filter. Lights flickered. Doors yawned open.
The Hackviser scenario: Don’t steal the data. Make the data steal itself. hackviser scenarios
Objective
Exfiltrate sensitive data from an air‑gapped office network.
Constraints
No wireless allowed inside, USB ports are disabled via GPO.
Plan
Countermeasure
Enable 802.1X port security and physical tamper seals. Objective Gain VPN access to an internal corporate
Deliverable
Physical access log, captured hash, recommendation to use MACsec/802.1X.
Objective
Escalate from a low-privileged domain user to Domain Admin.
Environment
Attack chain
Deliverable
BloodHound graph showing path, PowerShell logs, remediation: managed service accounts, strong passwords, AES encryption.
Objective
Gain initial access to a corporate web server and retrieve a flag from /root/flag.txt.
Environment
Steps to simulate
Deliverable
Screenshot of flag, log of commands, remediation: patch Struts, restrict sudo.