Edit lab

Editing phish-bec-wire-fraud

{
  "slug": "phish-bec-wire-fraud",
  "tags": [
    "phishing",
    "mvp",
    "guided-lab"
  ],
  "flags": [
    {
      "key": "final",
      "value": "ZDL{phish-bec-wire-fraud}"
    }
  ],
  "hints": [
    {
      "id": "hint-1",
      "content": "Start with the most obvious metadata field before diving deeper.",
      "penaltyPoints": 0
    },
    {
      "id": "hint-2",
      "content": "Correlate timestamps, source identifiers, and the user-facing lure.",
      "penaltyPoints": 5
    }
  ],
  "title": "BEC Wire Fraud Attempt",
  "runtime": {
    "mode": "artifacts_only",
    "cpuLimit": 1,
    "exposePorts": [],
    "templateKey": "phishing-artifact-lab",
    "memoryLimitMb": 512,
    "artifactsMountPath": "/lab/artifacts"
  },
  "summary": "Investigate a business email compromise scenario involving urgent payment instructions.",
  "artifacts": [
    {
      "key": "primary",
      "path": "artifacts/phish-bec-wire-fraud.eml",
      "type": "eml",
      "label": "Primary Lab Artifact",
      "downloadable": true
    }
  ],
  "questions": [
    {
      "key": "q1",
      "type": "short_text",
      "answer": "sample-indicator",
      "points": 10,
      "prompt": "What is the main indicator you identified first?",
      "caseSensitive": false
    },
    {
      "key": "q2",
      "type": "short_text",
      "answer": "isolate and escalate",
      "points": 10,
      "prompt": "What action should the analyst take next?",
      "caseSensitive": false
    },
    {
      "key": "flag-final",
      "type": "flag",
      "answer": "ZDL{phish-bec-wire-fraud}",
      "points": 20,
      "prompt": "Submit the final lab flag.",
      "caseSensitive": true
    }
  ],
  "trackSlug": "soc-analyst-phishing-email-investigation",
  "difficulty": "intermediate",
  "trackTitle": "SOC Analyst – Phishing Email Investigation",
  "instructions": [
    {
      "id": "step-1",
      "title": "Review the scenario",
      "content": "Read the scenario summary and note the primary investigation goal."
    },
    {
      "id": "step-2",
      "title": "Inspect the provided artifact or environment",
      "content": "Use the artifact downloads or the live container session to gather evidence."
    },
    {
      "id": "step-3",
      "title": "Answer the guided questions",
      "content": "Submit answers and the final flag before time expires."
    }
  ],
  "estimatedMinutes": 20,
  "timeLimitMinutes": 30,
  "dbLabId": "760cad7e-9cbf-427a-9b32-55ffcc5ec3b5"
}