Simulated Digital Cyber Attack Archives

Simulated Digital Cyber Attack

Two VMs. One rule: don't get caught. We exploited a single overlooked UDP port, tunnelled in via WireGuard, and pulled the thread. Cleartext credentials in a shared folder. A password spray. 30+ compromised accounts. Pass-the-hash took care of the rest. By the end, we were using the monitoring team's own account to dig around. They never noticed.

assumed breach - hiding, don't get caught

The one where “don’t get caught” was the only rule

Two VMs. One rule: don't get caught. We exploited a single overlooked UDP port, tunnelled in via WireGuard, and pulled…

Abstract visualization of GitHub token exposure in Slack leading to software supply chain compromise

The one where a slack message became a supply chain backdoor

A GitHub Personal Access Token posted in Slack. Left exposed since July 2024. That's all it took to compromise an…