An attacker has obtained OAuth tokens through a sophisticated phishing campaign targeting your M365 administrators. They have escalated privileges in Azure AD, created backdoor accounts, and are accessing sensitive SharePoint sites and email inboxes. Your cloud security posture is being tested.
How it works: You'll be presented with 3 realistic incident injects. For each one, describe how you would respond as the incident commander. Our AI facilitator engine will analyze your decisions and provide expert coaching feedback, just like having a seasoned incident response facilitator in the room.