Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
Introducing Incident Response Challenges
When an attack happens, the clock starts ticking. Every log entry, every alert, every strange request could be the difference between containment and catastrophe. Incident response is the art of finding the signal in the noise and turning chaos into clarity.
That’s why we’ve built a brand new series of Incident Response Challenges. Instead of just exploiting flaws, you’ll step into the defender’s shoes: analyzing logs, tracing adversary behavior, and piecing together what really happened.
Each challenge is inspired by real-world security incidents and forces you to sharpen both your technical and investigative instincts:
Access Token Manipulation – A user reports being locked out after a suspicious password reset. Dig through CloudWatch logs and uncover how an attacker exploited poorly scoped reset tokens. (Inspired by the Subaru Starlink ATO vulnerability)
Command and Scripting Interpreter – Our AI bot just shipped a new feature, and suddenly it’s under attack. Investigate the update, sift through system activity, and identify how the adversary slipped in.
Supply Chain Compromise – A harmless-looking pull request merges cleanly, CI/CD is all green, but something’s off. Follow the Base64 blob, track outbound traffic, and uncover how a poisoned GitHub Action turned the pipeline into an exfiltration channel. (Inspired by the tj-actions incident)
These challenges are grounded in the kinds of compromises defenders face every day, but wrapped in scenarios you can practice safely.
Each challenge asks you not just to spot the attack, but to explain it, attribute it, and propose mitigations. Because real incident response isn’t just about knowing what broke, it’s about making sure it doesn’t happen again.
For a limited time, our Incident Response Challenges are free to try in the Weekly Incident Game.
If you’re a developer, security engineer, or just curious about how attackers leave traces, this is your chance to get hands-on with the messy, fascinating reality of digital forensics.
Go check them out in our new Incident Response Game.