Case study breakdowns

Real scenarios,
examined closely

Each case here is drawn from actual workshop exercises — specific attack vectors, decision points, and what participants did differently after working through them hands-on.

Cybersecurity workshop participants working through a live attack scenario

Workshop breakdowns

Five scenarios worth studying

These aren't hypotheticals. Each breakdown reflects a structured exercise run at Taychproa, with the tools, friction points, and participant decisions included.

Phishing simulation

When a convincing email bypasses technical filters

A crafted spear-phishing message targeting a fictional HR department cleared every automated check. Participants received it in a sandboxed inbox and had 20 minutes to decide: act, flag, or delete.

Fourteen of nineteen participants clicked at least one embedded link before catching the indicators. The debrief focused on header inspection and sender verification without relying on gut feeling alone.

Mailheader analyzer OSINT lookup SPF/DKIM check
19 participants
20 min decision window
3 attack layers
Credential exposure

Leaked passwords in a public repository

A developer accidentally committed an .env file to a public GitHub repo. Participants traced the exposure window, assessed scope, and drafted a response checklist under a 30-minute constraint.

1 Identify the commit timestamp and exposure duration
2 Enumerate which credentials were affected
3 Rotate secrets and audit access logs
Groups who structured their response in writing contained the scenario 40% faster than those who worked verbally.
Network intrusion

Lateral movement inside a segmented lab network

Participants were given read-only access to network logs from a simulated breach. An attacker had moved from a compromised workstation to a file server over 72 hours without triggering any alerts.

The task was to reconstruct the movement path using only log timestamps, port activity, and user session data — no pre-labeled indicators.

Network topology diagram used during lateral movement analysis exercise
1 Correlate login events across machines
2 Map port scan patterns to pivot points
3 Identify the initial foothold vector
Wireshark Splunk logs
72 h attack window
6 pivot points
Vulnerability triage

Prioritising a 60-item CVE list under pressure

Given a real-world vulnerability scan output from a fictional mid-size company, participants had to rank remediation priority using CVSS scores, asset criticality, and exploit availability — without external help.

60 CVEs triaged
45 min time limit
Most disagreements between teams came from different interpretations of asset criticality — the debrief covered how to document those assumptions before scoring.
Social engineering

A phone call that almost worked

One participant played a support agent; another played an attacker posing as a new employee locked out of their account. The script was loose — only the goal was fixed: get the agent to reset credentials verbally.

1 Establish false urgency and authority early
2 Exploit helpfulness over protocol
3 Redirect when challenged with a plausible detail
Role-play Call script review

"The phishing simulation workshop was exactly what our IT team needed. Working through a real attack scenario step by step made the theory stick in a way that reading never did."

DK
Daryna Kovalchuk
IT Security Analyst

"I came in thinking I understood network segmentation. The lateral movement case showed me exactly where my mental model had gaps. The debrief alone was worth the session."

BH
Bohdan Havryliuk
Systems Administrator

"The social engineering role-play was uncomfortable in the best way. You don't realise how easy it is to give up information until someone is actually doing it to you live."

OZ
Olena Zubchenko
Support Team Lead