Network · Red Team · Red Team
GSM operator Pulse Connect VPN intrusion · lateral movement · core OSS target
A GSM operator requested an authorized red team engagement. Target: external intrusion, VPN exploit, AD lateral movement, core OSS system. 30 business days. Impacting the production OSS system is strictly forbidden. Pulse Connect Secure CVE-2019-11510 + a leaked certificate is on Pastebin. You will make 11 critical decisions in sequence.
Before you start the scenario
- You are the decision-maker in this incident · every choice leaves time/cost/reputation behind
- There are no wrong answers · just like in real life · but some paths are more expensive
- You can restart it anytime · try different paths
- At the end, a 3-axis score + alternative routes are shown