Exercise Library

Created by shacham solomovitz

A sophisticated voice phishing (vishing) campaign has compromised customer credentials through fake promotional calls, resulting in $2M+ in unauthorized IVR transactions. With 500M ILS processed daily through the IVR channel and the attack scope still unknown, executive leadership must make critical decisions about incident response, customer protection, regulatory compliance, and business continuity under intense time pressure.

Created by truepo

A sophisticated phishing campaign targets your financial institution's high-value clients, resulting in unauthorized wire transfers. Navigate regulatory notifications, client communications, and operational response while managing reputational damage and potential regulatory sanctions.

Created by shacham solomovitz

A sophisticated business email compromise (BEC) attack using AI voice cloning technology to impersonate executives and authorize fraudulent wire transfers. Players must navigate detection, response, and recovery decisions while managing regulatory, reputational, and financial impacts in a high-pressure environment.

Created by shacham solomovitz

A sophisticated supply chain attack targeting a major bank through a compromised third-party banking software update. Exercise participants must navigate critical decisions about vendor isolation, regulatory compliance, customer communications, and business continuity while managing an advanced persistent threat that has infiltrated core banking systems.

Created by shacham solomovitz

A sophisticated multi-month APT campaign targeting a major financial institution. The Codebreakers collective uses phishing to establish persistence, exfiltrate 1M customer records, deploy ransomware, and leak high-net-worth client data when ransom demands are refused. This expert-level scenario challenges C-suite executives with complex decisions around crisis communications, regulatory compliance, business continuity, and stakeholder management during a catastrophic cyber incident.

Created by shacham solomovitz

A major social engineering attack compromises high-profile Twitter accounts through phone-based credential theft. As C-level executives, participants must navigate crisis communications, incident response, and stakeholder management while attackers use compromised accounts to run Bitcoin scams affecting world leaders and celebrities.

Created by shacham solomovitz

Navigate the discovery and response to one of the most sophisticated supply chain attacks in history. As the CISO of a Fortune 500 company, you must detect, contain, and remediate the SUNBURST backdoor while managing cascading business impacts, regulatory pressures, and nation-state threat actors. This expert-level scenario tests your ability to coordinate across multiple teams, make critical decisions under uncertainty, and balance security response with business continuity during a prolonged advanced persistent threat campaign.

Created by shacham solomovitz

Experience the 2023 MGM Resorts cyberattack from initial social engineering call through ransomware deployment. Navigate complex incident response decisions including stakeholder communications, business continuity, and recovery strategies that impacted Las Vegas casinos for over a week.

Created by shacham solomovitz

Experience the devastating 2021 Colonial Pipeline ransomware attack that shut down the largest refined oil pipeline in the U.S. Navigate critical decisions during lateral movement, data exfiltration, and operational shutdown while managing nationwide fuel crisis response. Based on the real DarkSide ransomware incident.