Incident Response War Game

MicroSim 35 — Make critical decisions under pressure. Every choice has consequences.

Select an incident scenario to begin the war game. You will lead the response team through critical decision points under time pressure.

Operation CRIMSON LOCK

Ransomware Outbreak

File servers at Meridian Corp are being encrypted in real time. A ransom demand of $2.5M in BTC has been received with a 48-hour deadline. Multiple business units are affected.

Severity: Critical | Est. Impact: $12M+ | Systems: 47 affected | Stages: 5 decision points

Operation JADE FALCON

APT Data Breach

Advanced persistent threat discovered in NovaTech's network after 90+ days of undetected access. R&D data exfiltration confirmed via covert DNS tunneling channels.

Severity: Critical | Est. Impact: $25M+ IP loss | Systems: 83 compromised | Stages: 3 decision points

Operation GHOST EXODUS

Insider Threat

A departing VP at Quantum Financial has been downloading customer databases and proprietary trading algorithms to personal cloud storage ahead of their last day.

Severity: High | Est. Impact: $8M+ regulatory | Systems: 12 accessed | Stages: 3 decision points

Operation BROKEN CHAIN

Supply Chain Compromise

CyberVault's trusted vendor shipped a backdoored software update to 200+ customer environments. Callback beacons detected to C2 infrastructure in multiple geolocations.

Severity: Critical | Est. Impact: $50M+ aggregate | Systems: 200+ customers | Stages: 3 decision points

Elapsed Since Declaration: 00:00:00

Incident Details

IOCs Discovered

Affected Systems

Incident Command

Event Timeline

Status Board

Containment: NOT CONTAINED
Eradication: NOT STARTED
Comms: PENDING
Evidence: COLLECTING

Resources

SOC Analysts: 4 available
Forensic Specialists: 2 available
Malware Analyst: 1 available
Legal Counsel: On retainer
IR Budget: $150,000

Decision Score

0 points earned

Recipients

Executive Leadership: Not Sent
Legal Counsel: Not Sent
PR / Media Relations: Not Sent
Affected Customers: Not Sent
Law Enforcement (FBI/CISA): Not Sent

Regulatory Deadlines

GDPR Art. 33: 72:00:00
State Breach Law: 48:00:00
SEC 8-K (if public): 96:00:00

Message to: Executive Leadership

Forensic Evidence Board

Click each source to collect and reveal evidence.

Extracted IOCs

Collect evidence to extract IOCs.

Containment Actions

Execute containment actions. Some may have unintended side effects.

Eradication Checklist

Complete all stages of the war game to generate your After-Action Report.