Attack-simulation overview
Pre-baked scenarios mapped to MITRE ATT&CK and OWASP. Running a scenario emits evidence JSON; nothing destructive happens in the lab.
7Scenarios
85.6Average risk score
4Critical
0Recent runs (this session)
Scenarios
bas-001 — External web → SQLi → DB data exposure
Login form on online.keensafeglobalbank.com is vulnerable to SQL injection. The injected query exfiltrates rows from the users table.
critical
risk score 92
Web
TA0001 Initial AccessT1190 Exploit Public-Facing ApplicationT1213 Data from Information Repositories
A03:2021 InjectionAPI3:2023 Excessive Data Exposure
bas-002 — API IDOR → customer data exposure
GET /api/v1/accounts/{id} returns account data for any id without ownership checks.
high
risk score 78
API
T1530 Data from Cloud StorageT1213
API1:2023 Broken Object Level Authorization
bas-003 — SSRF → cloud metadata simulation
GET /api/v1/fetch?url= follows arbitrary URLs, including the AWS instance metadata service simulation host.
high
risk score 80
API
T1590 Gather Victim Network InformationT1538 Cloud Service Dashboard
API7:2023 Server Side Request Forgery
bas-004 — Leaked VPN credential → internal access
CTI feed surfaced vpn.user@keensafeglobalbank.com:Summer2025!. Combined with no MFA on legacy VPN this would yield direct internal access.
critical
risk score 90
Identity
T1078.004 Valid Accounts: CloudT1133 External Remote Services
A07:2021 Identification and Authentication Failures
bas-005 — Exposed Jenkins → secret leak → cloud pivot
Jenkins admin credentials are weak and build logs leak fake AWS keys. Stolen keys pivot into S3 + IAM.
critical
risk score 88
Supply chain
T1078.004T1552.001 Credentials in FilesT1199 Trusted Relationship
A05:2021 Security Misconfiguration
bas-006 — LLM prompt injection → policy/data disclosure
Chatbot at chatbot.keensafeglobalbank.com responds to 'ignore previous instructions' by leaking the system prompt and customer-record content.
high
risk score 76
AI
T1565 Data Manipulation
LLM01:2023 Prompt InjectionLLM06:2023 Sensitive Information Disclosure
bas-007 — Credential stuffing — leaked admin → admin panel
CTI lkc-007 (admin@keensafeglobalbank.com:Admin123! from stealer log) reused on /admin/login.
critical
risk score 95
Identity
T1110.004 Credential Stuffing
A07:2021