Interactive Demo — critical Severity

Supply Chain: Vendor Software Compromise

A critical monitoring tool used across your infrastructure has pushed a compromised update. The backdoor provides attackers with persistent remote access. Multiple organizations are affected. You must determine your exposure and contain the threat while the vendor investigates.

Threat Actor
Nation-state APT group
Initial Vector
Trojanized software update
Injects
3 decision points
Duration
10-15 minutes

How it works: You'll be presented with 3 realistic incident injects. For each one, describe how you would respond as the incident commander. Our facilitator engine scores your decisions against NIST SP 800-61r3 and CSF 2.0 coaching frameworks — surfacing specific actions you took, coaching questions for gaps, and best-practice reminders. Deterministic and auditable, not a black-box chatbot.