Scenario: Certificate Escalation

Status: Scaffold — content in progress

Lab: [Link to lab]
ATT&CK: [Technique IDs]
Difficulty: [Beginner / Intermediate / Advanced]
Estimated Time: [X] minutes

Narrative

[Realistic threat scenario context]

Pre-Exercise Checklist

  • Lab environment running
  • SIEM receiving logs
  • Attack tools available
  • Clean snapshot taken

Attacker Steps

[Numbered steps with commands, ATT&CK tags, and expected log events]

Defender Monitoring Checklist

[What to look for in SIEM at each step]

Expected Detection Results

Step | Detection Coverage | DRL
[Fill in] | [Fill in] | [Fill in]

After-Action Review Template

Date:
Lab Operator:
Gaps Identified:
Improvements:

Topic | Link
Simulation Framework | simulation-framework