-
Scenario 1: Webserver Down!
It seems adversaries have managed to take control of the organization's webserver, and unusual configuration settings have been found on the devices responsible for the layered defense. The adversaries are on their way to infiltrating the organization's network; a quick investigation and recommendations are required.
-
Scenario 2: Data in danger
Adversaries have managed to get into the network and are after sensitive data, affecting multiple protected segments of the infrastructure. Although several segments are affected by the attack, only one part has been compromised so far, and there is hope that the defense mechanisms in place will prevent further damage. The investigation should establish confidence in the integrity and confidentiality of the data.
-
Scenario 3: On the move
As adversaries have penetrated the network, it appears they are using some kind of lateral movement technique to move from one device to another. An investigation is required to identify the gap in the defenses and to take preventive measures that block further movement by the adversaries.
-
Scenario 4: OT under attack
Attackers use infection vectors to infiltrate the institution's internal systems. As they progress, it appears they have gained access to the OT/PLC segment and are actively working to take full control of the OT systems inside the facility.
-
Scenario 5: Livefire
Adversaries have been identified within the network while actively working their way through different systems and network segments. The blue team has to stop them quickly, on the fly.
-
Scenario 6: The Hunt
In addition to the multi-faceted cyber-attack against the supervised infrastructure, a further attack gives a different perspective and motive to the initial criminal cyber-attack. The incident response team is tasked with using open-source intelligence (OSINT) techniques to gather as much information as possible on a potential terrorist attack, in order to support subsequent law enforcement work.