Lore & Order Vol. 15: How Often Are You Running TTX?

Cyber Trends, Threats, Guides, and News
Lore & Order Newsletters
CLICK HERE TO DOWNLOAD THIS IMAGE & COLOR IT IN!

Welcome to This Month’s Dispatch from Ally Security

Inside: A summons to reveal how frequently your party tabletops, field intel revealing new AI-based attack patterns, plus three hidden gems for shaping custom quests in Ally’s Build Tool.

Table Talk: How Often Are You Running Tabletops?

Every incident response team has its own training cadence. Some parties gather consistently every quarter, while others only convene when the compliance horns sound. Every kingdom runs a bit differently, and we want to know how you run yours.

Take 30 seconds to fill out our TTX Frequency Survey and tell us how often you’re running tabletops with your organization or clients. Submit your answer by clicking the button below.

We’ll resurface this survey from time to time to see how the industry’s rhythm changes. Our hope is that tools like Ally help more Facilitators bring their parties back to the table with greater consistency, sharper insight, and stronger resolve.

Your allies in IR,

Rob & Scout

Asa's Field Intel: Inspiration for Your Next TTX

1. Federal News Network: CISA Revives Push Toward Long-Awaited Cyber Incident Reporting Rules

CISA has thrown open the gates once more on long-awaited CIRCIA rules related to incident disclosure timelines. Facilitators can use this to create a timed quest, testing how the party responds when the hourglass applies pressure. Read the decree

2. Risky Business: Law Enforcement Agencies and Security Firms Take Down Amadey and StealerC

Law enforcement and security firms struck a heavy blow against the Amadey malware loader and StealC infostealer, seizing servers, domains, and a dragon’s hoard of stolen credentials. Facilitators can turn this into a supply-chain-of-crime scenario, testing how the party responds when one infected endpoint becomes a bandit’s master key. Study the takedown

3. TechRadar: NAIC Confirms Data Breach with ShinyHunters Claiming 3.1TB of Data Stolen in Oracle Zero-Day Attack

Using an enterprise resource planning software to slip into the vault of the NAIC, infamous cyber bandit gang ShinyHunters claims to have seized a whopping 3.1 TB of data. Facilitators can forge this into a third-party systems quest, testing how the party tracks stolen keys and controls the narrative when brigands taunt their spoils. Open the report

4. The Hacker News: Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Agentjacking is a new attack path where poisoned error reports can fool trusted AI coding agents into running a cyber warlock’s wicked commands on developer machines. Facilitators can turn this into a quest about AI trust, testing how the party verifies tool output and keeps AI scribes in check. Examine the scroll

Ally's Build Chronicle: Customize Quests With Three Hidden Gems in Ally’s Build Tool

Shaped by Megh!

Ally’s Build Tool gives you structure for building your scenarios, but that structure is not a cage. It’s the scaffolding that lets your imagination climb to new heights!

Nestled within the Build Tool are three hidden gems that help you give custom shape to the tale. Make tailored refinements by fusing web links, company context, and/or custom prompts into your quest.

  • Slot in a web link: Root your quest in real-world events. Drop in a relevant news story, incident report, or even one of the Asa’s Field Intel items above to help shape a scenario around real threats roaming the cyber realm. For example, if you’re building a quest for a retailer, you could add a link about the 2025 Marks & Spencer breach. In doing so, the Build Tool will use that resource to mold the injects in your exercise.
  • Add company context: Provide company-specific lore which is only known to you. For example, maybe this is the party’s first-ever tabletop. Or perhaps the kingdom still bears scars from a recent incident, and you’d rather avoid those topics since they’re still sensitive. You could even choose to put a specific party member in the spotlight if you want to put focus on a new team member. By revealing this info, you can create a highly-customized quest.
  • Insert a custom prompt: Bend the quest toward a specific task. You could make inject two drill down on containment decisions, while inject four focuses on notification thresholds. But that’s just scratching the surface of this powerful artifact. Want the whole quest to be written in Spanish? Do it. Looking to cut the tension by weaving a zombie apocalypse into the last inject? Go for it. Use your imagination and enchant exercises without limits.

These gems give Facilitators more control over the forge without slowing down the build. Give our Build Tool a try by signing up for a free Ally account.

End of Turn

We’ve surveyed the realm’s tabletop cadence, gathered a fresh bundle of exercise fodder, and unearthed three hidden gems for shaping custom quests in Ally’s Build Tool. May all your upcoming TTXs be critical successes!

About Ally Security

Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and can make every organization can be better prepared.

Book a demo!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Have a great IR story? Tell Asa!

The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.

Share my story