Timeline & Replay
Review and replay exercise events
Exercise Duration: 2h 15m 30s
Total Events: 142
Red Team Actions: 68
Blue Team Actions: 74
Attack Chain Visualization
Reconnaissance: 00:05:22
Initial Access: 00:12:45
Detection: 00:13:10
Privilege Escalation: 00:18:33
Containment: 00:25:17
Remediation: 00:45:00
Event Timeline
Port Scan Initiated
Attack
Alex Kim - Red Team
00:05:22
T1046 - Network Service Scanning
Nmap scan targeting 192.168.1.0/24 subnet
SQL Injection Attempt
Attack
Alex Kim - Red Team
00:12:45
T1190 - Exploit Public-Facing Application
SQL injection on /api/login endpoint - Successful
Alert Generated
Detection
Sarah Chen - Blue Team
00:13:10
SIEM Alert
WAF detected SQL injection pattern
Privilege Escalation
Attack
Alex Kim - Red Team
00:18:33
T1068 - Exploitation for Privilege Escalation
Exploited kernel vulnerability - Gained SYSTEM access
Incident Created
Response
Sarah Chen - Blue Team
00:20:05
INC-042
Escalated to incident response team
System Isolated
Containment
Mike Johnson - Blue Team
00:25:17
WEB-SERVER-01
Compromised server isolated from network
Forensic Analysis Started
Investigation
Mike Johnson - Blue Team
00:30:42
Memory Dump
Memory dump acquired for forensic analysis
Vulnerability Patched
Remediation
David Park - Blue Team
00:45:00
CVE-2024-1234
SQL injection vulnerability patched and deployed
Event Details
Port Scan Initiated
Event ID: EVT-001
Timestamp: 00:05:22
Actor: Alex Kim
Team: Red Team
MITRE Technique: T1046 Network Service Scanning
Target: 192.168.1.0/24
Tool Used: Nmap 7.94
Result: Success - 8 ports discovered
Command Executed
nmap -sS -sV -p- 192.168.1.0/24 -oN scan_results.txt
Event Data (JSON)
{
  "event_id": "EVT-001",
  "timestamp": "2024-12-13T08:05:22Z",
  "actor": "alex.kim",
  "team": "red",
  "action": "port_scan",
  "mitre_technique": "T1046",
  "target": "192.168.1.0/24",
  "tool": "nmap",
  "parameters": {
    "scan_type": "SYN",
    "version_detection": true,
    "port_range": "1-65535"
  },
  "result": {
    "status": "success",
    "ports_found": 8,
    "hosts_up": 12
  },
  "points_awarded": 100
}