CSINT Research Workstation

Defensive OSINT lab

CSINT Incident Lab

Practice OSINT, source validation, and incident analysis with safe fictionalized cases.

  1. Pick a case
  2. Review evidence
  3. Write the report

Safety notice: Fictionalized and sanitized data.

This lab uses fictionalized/sanitized data. Do not use it to target people, expose identities, or test live systems.

2D Pixel Analyst Profile

Set analyst name

Level 1 / Analyst Trainee

Score: 0
Solved: 0/5
Evidence: 0%

The profile token is stored in this browser. The leaderboard only shows nickname, score and solved count.

After the first save, solves are written to the backend leaderboard.

Public profile link

Create a nickname first to get a shareable profile link.

Badges

Starter Badge

Leaderboard

Global scoreboard

Only nickname, score and solved count are shown. Flag values are never shared.


What you'll learn

  • Source reliability
  • Evidence notebook
  • Timeline reconstruction
  • Reporting under uncertainty
  • Ethical OSINT boundaries

Lab cases

Pick a case, review the evidence, write your defensive report.

Case 01 | 2020 | Not started

SolarWinds Orion Compromise

Reconstruct the timeline and analyze public indicators of compromise (IOCs) from the SolarWinds Orion supply-chain attack.

Timeline & IOC Analysis | Supply Chain
Intermediate | 35 mins | 150 pts
Badge: Supply Chain Tracer

Case 02 | 2023 | Not started

MOVEit / CL0P Mass Exploitation

Map the exploitation timeline of CVE-2023-34362 in MOVEit Transfer and assess the extortion campaign behavior.

CVE & Impact Assessment | Vulnerability / Ransomware
Beginner | 25 mins | 100 pts
Badge: CVE Mapper

Case 03 | 2023 | Not started

3CX Supply-Chain Attack

Trace the cascading supply-chain compromise of the 3CX DesktopApp and identify attacker infrastructure.

Software Dependency & Process Analysis | Cascading Supply Chain
Advanced | 40 mins | 200 pts
Badge: Chain Breaker

Case 04 | 2021 | Not started

Colonial Pipeline / DarkSide Ransomware

Analyze the public communications, threat actor claims, and official reports of the Colonial Pipeline ransomware incident.

Public Narrative & Source Comparison | Ransomware / Critical Infrastructure
Beginner | 20 mins | 100 pts
Badge: Crisis Reader

Case 05 | 2023 | Not started

Okta Support Case Management Incident

Analyze the support-system breach at Okta, evaluating HTTP Archive (HAR) file security risks and token hijacking vectors.

Support Logs & HAR File Risk | Administrative Support Breach
Intermediate | 30 mins | 150 pts
Badge: Token Auditor

All interactive evidence is safely sanitized. No real persons, victims, live targets, or leaked databases are involved.

Workspace tools

Jump to the evidence log or the report builder.