The video above walks through a simulated email bomb attack scenario, demonstrating how IT professionals can respond to this increasingly common threat. Let's break down what we learned from this realistic cybersecurity tabletop game. Understanding Email Bomb Attacks Email bombing floods inboxes with thousands of messages in a short timeframe. In the simulation, we see […]

The Challenge "How well will students perform when facing a real IoT security attack?" This question kept Professor Pete Mauro at Rowan University's Electrical & Computer Engineering Department up at night. While his students could recite the NIST 8259A IoT security standards, he needed to know if they could apply these principles when confronting an […]

The DFIR Report published an article detailing a cybersecurity attack that occurred in late February 2023. In this incident, threat actors used Microsoft OneNote files to gain initial access and deliver IcedID malware. The attackers then used FileZilla to exfiltrate data before deploying Nokoyawa ransomware. This article will guide you through planning and executing a […]

Looking to strengthen your organization's cyber defenses through practical training? Tabletop exercises provide hands-on experience dealing with cyber threats in a controlled environment. Here are 10 real-world tabletop exercise cybersecurity examples you can use to build more engaging and effective cybersecurity simulations. Hotel System Outage Response The recent Omni Hotels & Resorts incident, where a […]

Introduction Threat actors are using fake browser updates and software fixes to trick users into cutting, copying, and pasting PowerShell scripts loaded with various malware strains, including remote access Trojans (RATs) and infostealers, to infect their computers. This tabletop exercise is relevant for organizations that use: Web browsers and productivity software vulnerable to social engineering […]

When the CEO of Compliancy Group looked at his company's cyber security readiness, he saw a problem. His team was spending hours watching security videos and taking quizzes, but he had no way to know if they could handle a real attack. As a company that serves thousands of healthcare companies with HIPAA compliance solutions, […]

On June 1, 2023, a Reddit user posted about a cybersecurity incident where a few users at their company were being "email bombed" with thousands of spam emails from various sites. This type of attack can be incredibly disruptive and may be a precursor to more serious threats, like account takeovers. In this article, we'll […]

On March 28, 2024, Krebs on Security published an article titled "Thread Hijacking: Phishes That Prey on Your Curiosity". The article detailed a cybersecurity attack where a journalist's email account was compromised and used to send exploiting emails to their contacts. This article will show you how to plan and execute an effective tabletop simulation […]

On April 23, 2024, Ars Technica published an article detailing how hackers abused an antivirus service for five years to infect end users with malware. The attack was possible because the service, eScan, delivered updates over the insecure HTTP protocol. This article will guide you in planning and executing a tabletop simulation based on this […]

On March 28, 2024, Dark Reading published an article titled "Pervasive LLM Hallucinations Expand Code Developer Attack Surface". The article detailed how large language models (LLMs) like ChatGPT can "hallucinate" and recommend nonexistent code libraries to developers, giving attackers an opportunity to upload malicious packages with those names. This article will show you how to […]