MITRE ATT&CK Quizzes

20 scenario-based questions per quiz. Map attacks to tactics and techniques, identify evidence, and predict next steps. For intermediate quizzes, half of the tactic/technique options are placeholders—look them up in MITRE ATT&CK.

Easy

SOC Quiz: Windows

20 Windows attack scenarios mapped to MITRE ATT&CK. Analyze Sysmon logs, EDR telemetry, and event logs.

Take the quiz →

SOC Quiz: Linux

20 Linux attack scenarios mapped to MITRE ATT&CK. Analyze auditd logs, crontabs, systemd, and kernel modules.

Take the quiz →

SOC Quiz: macOS

20 macOS attack scenarios mapped to MITRE ATT&CK. Analyze ESF logs, LaunchAgents, TCC databases, and endpoint telemetry.

Take the quiz →

Medium

SOC Quiz: Windows (Intermediate)

20 Windows scenarios with multiple techniques, encoded payloads, and noise. Half of tactic/technique options are “find in MITRE ATT&CK” placeholders.

Take the quiz →

SOC Quiz: Linux (Intermediate)

20 Linux scenarios: supply chain, eBPF, Kubernetes, relay chains, kernel miners, Ansible, CI/CD, Log4j, systemd timers, and more. Half of tactic/technique options are placeholders.

Take the quiz →

SOC Quiz: macOS (Intermediate)

20 macOS scenarios: XPC hijack, FDA/TCC bypass, ESF evasion, notarization bypass, Keychain, CloudKit, cross-platform pivot, and more. Half of tactic/technique options are placeholders.

Take the quiz →

Easy

SOC Quiz: Windows

SOC Quiz: Linux

SOC Quiz: macOS

Medium

SOC Quiz: Windows (Intermediate)

SOC Quiz: Linux (Intermediate)

SOC Quiz: macOS (Intermediate)

Expert

SOC Quiz: Windows (Expert)

SOC Quiz: Linux (Expert)

SOC Quiz: macOS (Expert)