CLICK HERE TO DOWNLOAD THIS IMAGE & COLOR IT IN!Inside: A 40-member fellowship journeys through a live TTX quest with Ally, cyber raider strikes on classrooms and code vaults, and a glimpse at how to craft scenarios in minutes by wielding our Build Tool.
Earlier this month, Ally’s new Build and Run tools underwent trial by fire at the annual Cyber Yankee executive tabletop exercise.
Cyber Yankee summons over 300 allies from a variety of banners, including private sector critical infrastructure, military, national guard, federal agencies like CISA, and local government. Together, this fellowship of protectors strives to improve collective readiness for cyber strikes targeting the northeastern realm’s most critical infrastructure.
Rich Berthao from Cyberspace Knowledge Group served as Facilitator of the TTX, and called upon Ally to aid the experience. We ran a quest centered on a fictional utility, NorthGrid New England, under attack by bandits from the PRC-backed Volt Typhoon clan.
The campaign unfolded across four chapters, each with two injects. The 40+ defenders in the room split into three breakout parties, each using Ally’s anonymous voting feature as they decided how to progress through the quest. Upon completion, the party reconvened for a hotwash as Ally’s Report tool transformed performance data into actionable insight.
Gatherings like Cyber Yankee let us lend our shield to the realm’s most important readiness work, and spread the word about the toolkit we’re forging at Ally. If you’d like to partner with us to bring a unique exercise experience to a local conference or event near you, reply to this email scroll.
Your allies in IR,
Rob & Scout
The notorious ShinyHunters brigands breached Canvas and plastered a ransomware warning across the welcome gate, causing the platform to seize. Facilitators can use this as a quest seed where ransom pressure, public trust, and platform downtime collide. Unseal the scroll
Marauders from TeamPCP claim they breached GitHub’s inner code vault and put stolen source code up for sale, while GitHub investigates unauthorized access to internal repositories. This makes for a strong TTX where developer tools come under fire. Discover what happened
An attacker poisoned TanStack’s release process, turning a trusted open-source code library into the blade that published 84 malicious npm package versions. This serves as a great TTX where the party must purge tainted tools from the kingdom’s forge. Study the postmortem
Cyber raiders struck Foxconn’s North American factories, hitting the workshops that forge the world’s devices. The incident serves as inspiration for a TTX where the party must shield manufacturing to keep production lines moving. Review the manufacturing missive
Concocted by Elvira and Megh!
Build. Run. Report. These are the three key ingredients a Facilitator combines to alchemize a successful tabletop exercise program. When Ally first entered the world, our initial focus was to concoct a solution to simplify the Report function for Facilitators.
Now, we’re excited to bring that same level of power to the Build phase of the TTX process. Say hello to the Exercise Build Tool! Scenarios crafted using this tool are formed by fusing two elements: Org relevance to make the exercise resonate, and exercise specifics to flavor for your specific audience.
With the foundation of your exercise set, the next step is to refine it further using the Inject Editor. This critical step is where good exercises are upgraded to legendary status. Use this fine-tuning tool to:
By utilizing our Exercise Build Tool, you can brew up exercises that make a lasting impact. Sign up to craft your first scenario for free.
.webp)
From questing alongside northeastern cybersecurity sentinels to exploring a variety of incidents across manufacturing, education, and open-source packages, we’ve gathered a bundle of kindling to fire up your next TTX. See you again soon!
About Ally Security
Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and can make every organization can be better prepared.
The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.
