Scenarios
Multi-stage. Real-world.
Scenarios are end-to-end engagements. Multiple machines. Multiple attack paths. Modeled on real incidents. Plan for 10–40 hours each.
Coming soon
6 stages
Northwind Pipeline
Compromise a fictional fintech's entire CI/CD chain.
Phishing a developer for a GitHub PAT. Pivoting to a self-hosted runner. Poisoning a base image. Owning production via OIDC. End-to-end attack chain.
Coming soon
5 stages
Mesh Hunters
Lateral movement through a service mesh.
Initial foothold in a misconfigured Envoy sidecar. mTLS bypass. Workload identity theft. Pivoting across namespaces to crown-jewel data.
Coming soon
7 stages
Supply Chain Down
An npm package, a build runner, a registry.
Realistic supply chain compromise modeled after Codecov-style incidents. Multi-week persistence required.