Intermediate 60 min 4-8 players
A mass credential harvesting campaign has compromised employee credentials across your organization, and attackers are actively using them to access email, VPN, cloud applications, and internal systems. This tabletop exercise challenges your team to scope the full extent of credential compromise, execute an enterprise-wide password reset without crippling business operations, and hunt for persistence mechanisms the attackers may have established. Participants will grapple with the realities of credential reuse, the limitations of MFA in certain attack scenarios, and the cascading impact when identity becomes the new perimeter.