Collection of Cyber Drills Injects!

Dec 30, 2024

Technical injects:

Credential Compromise via Public Leak

  • Scenario: Notify participants that credentials (username and password) for a sensitive account have been discovered on a public website or a Telegram group.

  • Objective: Test the team's ability to validate the leak, reset credentials, and assess the impact of the leak.

  • Response Expected: XXX

Malware Outbreak

  • Scenario: Simulate an endpoint being compromised by ransomware or a backdoor.

  • Objective: Assess the detection, containment, and eradication strategies.

  • Response Expected: YYY

Domain Spoofing or Typosquatting

  • Scenario: Simulate an adversary creating a domain similar to the organization's for phishing or malicious purposes.

  • Objective: Test external threat monitoring and remediation capabilities.

  • Response Expected: ZZZ

Business injects:

Decision-Making Under Pressure

  • Scenario: An external threat actor has publicly announced they have exfiltrated sensitive customer data from your organization. The media is now reporting the story.

  • Inject: "The CEO is asking for an immediate update and wants to know if the organization should go public with a statement. Draft a response within 30 minutes."

  • Objective: Assess the leadership team's ability to craft crisis communication and align their response with legal and PR best practices.

Business Continuity

  • Scenario: Ransomware has locked critical business systems. The attacker demands payment within 24 hours to prevent data destruction.

  • Inject: "The CFO requests an analysis of whether the ransom should be paid, considering financial, ethical, and operational impacts."

  • Objective: Measure decision-making processes in evaluating ransom payments and alternative recovery strategies.

Board Meeting Urgency

  • Scenario: The board of directors has called an emergency meeting regarding the ongoing incident.

  • Inject: "Prepare a five-slide deck summarizing the incident, impact, mitigation efforts, and next steps for the board."

  • Objective: Practice clear communication with high-level stakeholders.

What are your favorite injects? Please comment below:

If you want more injects, please subscribe to become a premium member! https://buymeacoffee.com/maheradib/membership
