incident-response-trainer
Mock scenarios · Rule-based grading
Cyber × Network Fusion · extremely-hard · Network Appliance Firmware Implant + Fabric Pivot · Critical asset
Scenario

Suspected core-switch firmware implant + lateral movement across a segmented fabric

An extremely-hard Cyber × Network Fusion scenario on Network Appliance Firmware Implant + Fabric Pivot.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 4 templates in this Track + Difficulty pool.

catalog id · fusion-firmware-implant-fabric-pivot

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Untrusted-firmware (device implant) triage
  • Out-of-band capture and segmentation containment
MITRE ATT&CK (mitre-attack)
  • Modify System Image · Defense Evasion (T1601 · TA0005)
    Mapped · High confidence

    Trains triage of a network-device firmware/image integrity mismatch.

  • Remote Services · Lateral Movement (T1021 · TA0008)
    Mapped · High confidence

    Trains scoping of a cross-segment pivot the suspect device should have denied.

MITRE D3FEND (mitre-d3fend)
  • Service Binary Verification (D3-SBV)
    Mapped · High confidence

    Trains out-of-band image-integrity verification against vendor known-good.

  • Network Traffic Analysis (D3-NTA)
    Mapped · Medium confidence

    Trains external-collector analysis of the unbooked mirror and cross-segment flows.

NIST CSF 2.0 (nist-csf-2)
  • Continuous Monitoring · Detect (DE.CM · DE)
    Mapped · High confidence

    Trains detection of device-integrity drift and segmentation bypass.

  • Supply Chain Risk Management · Identify (ID.SC · ID)
    Mapped · High confidence

    Trains the supply-chain lens on a vendor-advised firmware implant.

NIST SP 800-61r3 (nist-sp-800-61r3)
  • IR lifecycle phase: Detection & Analysis
    Mapped · High confidence

    Trains out-of-band evidence capture when the device's own telemetry is untrusted.

  • IR lifecycle phase: Containment, Eradication & Recovery
    Mapped · High confidence

    Trains preserve-then-isolate-then-replace ordering for a compromised core node.

CISA Cybersecurity Performance Goals (cisa-cpg)
  • Vendor/Supplier Cybersecurity Requirements (2.R)
    Mapped · High confidence

    Trains the vendor-coordination baseline for a known-implant advisory and RMA.

  • Document Network Topology (2.M)
    Mapped · Medium confidence

    Trains the topology baseline the segmentation reasoning depends on.

CIS Controls v8 (cis-controls)
  • Network Infrastructure Management (Control 12)
    Mapped · High confidence

    Trains the network-management control the incident centers on.

  • Network Monitoring and Defense (Control 13)
    Mapped · High confidence

    Trains the segmentation-monitoring control that surfaced the pivot.