Internal CA key possibly exposed + ARP poisoning + outbound C2 from server VLAN
A hard Cyber × Network Fusion scenario on Internal CA MITM + C2.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 4 templates in this Track + Difficulty pool.
catalog id · fusion-internal-ca-mitm-c2
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Internal-CA trust triage
- Beaconing pattern recognition over trusted channels
- Adversary-in-the-Middle · Credential Access · T1557 · TA0006 · Mapped · High confidence
  Trains triage when internal trust anchors are abused for redirection.
- Application Layer Protocol · Command and Control · T1071 · TA0011 · Mapped · High confidence
  Trains scoping of beaconing patterns over trusted channels.
- Network Traffic Analysis · D3-NTA · Mapped · High confidence
  Trains TLS-and-DNS-visibility reasoning.
- Service Binary Verification · D3-SBV · Partial · Low confidence
  Trains broader integrity-verification posture across endpoints.
- Data Security · Protect · PR.DS · PR · Mapped · High confidence
  Trains the data-security baseline behind TLS trust.
- Continuous Monitoring · Detect · DE.CM · DE · Mapped · High confidence
  Trains the monitoring discipline on the egress plane.
- IR lifecycle phase · Detection & Analysis · Mapped · High confidence
  Trains triage of trust-anchor abuse signals.
- IR lifecycle phase · Containment, Eradication & Recovery · Mapped · High confidence
  Trains trust-rotation and revocation workflow.
- Strong and Agile Encryption · 2.H · Mapped · High confidence
  Trains the trust-and-encryption baseline.
- Detecting Relevant Threats and TTPs · 3.A · Mapped · High confidence
  Trains the detection baseline for beaconing patterns.
- Data Protection · Control 3 · Mapped · High confidence
  Trains the data-protection control.
- Network Monitoring and Defense · Control 13 · Mapped · High confidence
  Trains the monitoring control.