Entangled cloud control-plane changes, a flapping core fabric, and an ambiguous privileged identity under decaying telemetry
An extremely hard Cyber × Network Fusion scenario on Tri-Domain: Control-Plane, Fabric & Cloud Crisis.
One of 4 templates in this Track + Difficulty pool.
catalog id · fusion-tri-domain-control-plane-fabric-crisis
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Tri-domain fault-vs-adversary triage under decaying telemetry
- Integrity-preserving recovery without re-trusting a tampered state
- Network Denial of Service · Impact · T1498 · TA0040 · Partial · Medium confidence
Trains reasoning about core-fabric instability that may be a real fault or deliberate cover.
- Valid Accounts: Cloud Accounts · Privilege Escalation · T1078.004 · TA0004 · Mapped · High confidence
Trains response to privileged control-plane changes made under an ambiguous break-glass identity.
- Impair Defenses: Disable or Modify Cloud Logs · Defense Evasion · T1562.008 · TA0005 · Partial · Medium confidence
Trains the defender side: reconstructing activity after an audit log-delivery sink was modified.
- User Account Containment · D3-UAC · Mapped · High confidence
Trains suspending the suspect break-glass session until the actor is independently verified.
- Service Binary Verification · D3-SBV · Mapped · High confidence
Trains out-of-band verification of the spine image against a known-good before any reload.
- Network Traffic Analysis · D3-NTA · Mapped · Medium confidence
Trains using surviving off-box telemetry to reconstruct the windows the log gaps hid.
- Adverse Event Analysis · Detect · DE.AE · DE · Mapped · High confidence
Trains separating a genuine fabric fault from adversary activity under decaying telemetry.
- Mitigation · Respond · RS.MI · RS · Mapped · High confidence
Trains containing the control plane and fabric without a blanket failover that destroys evidence.
- Incident Recovery Plan Execution · Recover · RC.RP · RC · Mapped · Medium confidence
Trains recovery sequencing that restores from a provably-clean control-plane state.
- IR lifecycle phase · Detection & Analysis · Mapped · High confidence
Trains fault-vs-adversary triage across identity, fabric, and control plane on one timeline.
- IR lifecycle phase · Containment, Eradication & Recovery · Mapped · High confidence
Trains evidence-preserving containment instead of reloading the suspect spine or freezing all traffic.
- IR lifecycle phase · Post-Incident Activity · Mapped · Medium confidence
Trains hardening break-glass, immutable logging, and signed images so the crisis cannot recur.
- Detecting Relevant Threats and TTPs · 3.A · Mapped · High confidence
Trains the detection baseline that surfaces anomalous privileged control-plane changes.
- Document Network Topology · 2.M · Mapped · Medium confidence
Trains the topology baseline the fabric path-validation reasoning depends on.
- Access Control Management · Control 6 · Mapped · High confidence
Trains break-glass and privileged-identity control when the actor may be compromised.
- Network Infrastructure Management · Control 12 · Mapped · High confidence
Trains safe isolation of a suspect spine and shifting to a trusted path.
- Data Recovery · Control 11 · Mapped · Medium confidence
Trains restoring from a provably-clean state rather than re-trusting a tampered control plane.