Scenario types
| Scenario type | Details |
|---|---|
| Phishing-led ransomware propagation | Simulates a phishing compromise followed by lateral movement and ransomware deployment, resulting in data encryption and extortion. Primary risk vectors include social engineering and endpoint compromise |
| Insider data exfiltration | Models an insider using removable media or personal cloud storage to exfiltrate sensitive data. Risk vectors include insider misuse and unauthorised data access |
| Public-cloud misconfiguration | Emulates exposure of personally identifiable information (PII) because of misconfigured access controls, such as open AWS S3 buckets. Risk vectors include misconfiguration and poor cloud governance |
| Credential leakage | Replicates unauthorised access via credentials exposed in public code repositories or compromised CI/CD pipelines. Risk vectors include credential theft and supply chain exposure |
| Scenario type | Details |
|---|---|
| Phishing-led ransomware propagation | Simulates a phishing compromise followed by lateral movement and ransomware deployment, resulting in data encryption and extortion. Primary risk vectors include social engineering and endpoint compromise |
| Insider data exfiltration | Models an insider using removable media or personal cloud storage to exfiltrate sensitive data. Risk vectors include insider misuse and unauthorised data access |
| Public-cloud misconfiguration | Emulates exposure of personally identifiable information ( |
| Credential leakage | Replicates unauthorised access via credentials exposed in public code repositories or compromised CI/CD pipelines. Risk vectors include credential theft and supply chain exposure |
Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.