Tabletop Scenarios

@badthingsdaily

18,935 Followers · 1 Following · 4 Media · 478 Statuses

THESE 👏 TWEETS 👏 ARE 👏 FICTION 👏 This account tweets fictional or headline inspired breach scenarios. To play: Share opinions on prevention or response steps.

Joined February 2017
Pinned Tweet
@badthingsdaily
Tabletop Scenarios
8 years
All of the below tweets are fictional conversation starters meant to kick off security tabletop conversations. #DontPanic
8
17
120
@badthingsdaily
Tabletop Scenarios
3 years
An employee has taken their device to a local repair shop instead of your help desk. All credentials needed for access are provided.
36
159
987
@badthingsdaily
Tabletop Scenarios
6 years
Someone has emailed you, and asked to become a maintainer of your popular GH repository.
13
174
742
@badthingsdaily
Tabletop Scenarios
7 years
Your IR team is drunk at the Mandalay Bay bar and discussing your breach with @briankrebs "anonymously" while still wearing their badges.
8
306
724
@badthingsdaily
Tabletop Scenarios
3 years
The vulnerable log4j cases in your environment have been patched... ...to you and your team's surprise.
13
107
655
@badthingsdaily
Tabletop Scenarios
2 years
Leadership has asked your team to treat half the company as a potential insider threat.
36
124
622
@badthingsdaily
Tabletop Scenarios
1 year
A core dump containing secret keys has been exfiltrated from an engineering laptop.
13
68
621
@badthingsdaily
Tabletop Scenarios
3 years
The disgruntled maintainer of a dependency you rely on has bricked their code.
8
92
615
@badthingsdaily
Tabletop Scenarios
2 years
An employee is repeatedly receiving MFA push notifications.
23
77
614
@badthingsdaily
Tabletop Scenarios
3 years
An infected host on your network is running searches on Bing.
23
90
593
@badthingsdaily
Tabletop Scenarios
2 years
Your entire enterprise identity stack is compromised.
13
93
562
@badthingsdaily
Tabletop Scenarios
3 years
A security engineer on your team is investigating a compromised debugger with their compromised debugger.
16
60
544
@badthingsdaily
Tabletop Scenarios
7 years
Your SSO service has announced a breach.
16
207
523
@badthingsdaily
Tabletop Scenarios
7 years
Reality is far more outlandish than recent fictional scenarios. "All modern CPU architectures are exploitable" -> "Yeah sure OK captain tabletop 🙄"
8
180
503
@badthingsdaily
Tabletop Scenarios
7 years
An adversary can escalate privilege on the endpoint they've compromised by clicking "login" a bunch of times real fast.
10
161
468
@badthingsdaily
Tabletop Scenarios
3 years
An influencer on your platform has changed their username to a string that exploits your logging infrastructure, beaconing out of your network. Within a few minutes... so do a few hundred other users.
3
108
464
@badthingsdaily
Tabletop Scenarios
6 years
A growing number of your engineers are streaming themselves on Twitch while coding. One of them just revealed a production secret while alt-tabbing. The chat is now being spammed with a production IaaS secret from your repository.
12
121
467
@badthingsdaily
Tabletop Scenarios
3 years
Malicious code has been committed to an open source library to protest a current event. You depend on this code.
22
70
434
@badthingsdaily
Tabletop Scenarios
6 years
A security company has externally discovered and reported your red team exercise. It is described as a sophisticated attack to a cable news station and law enforcement.
10
110
421
@badthingsdaily
Tabletop Scenarios
3 years
The networking gear involved in an outage is access controlled by locks that are dependent on the network gear that is involved in the outage that is access controlled by locks that are dependent on network gear that is involved in the outage that is access controlled by the...
3
101
413
@badthingsdaily
Tabletop Scenarios
3 years
The employee managing your social media accounts has decided to exit the organization in style.
3
54
404
@badthingsdaily
Tabletop Scenarios
3 years
Your application is leaking PII through front-end code to users.
15
57
369
@badthingsdaily
Tabletop Scenarios
2 years
A dumpster diver has discovered an embedded secret in disposed source code print-outs.
6
68
372
@badthingsdaily
Tabletop Scenarios
2 years
All previously banned accounts, domains, IoCs, networks, emails, hosts, or device identifiers are now allowed on your platform due to a recent policy change made by leadership.
6
81
361
@badthingsdaily
Tabletop Scenarios
2 years
An adversary has read all values on your secrets management platform.
6
70
345
@badthingsdaily
Tabletop Scenarios
6 years
An executive in your organization has tweeted a high visibility statement with grammatical errors. They’ve unintentionally rendered a hyperlink with an obscure TLD. A has registered the domain and is hosting malware.
8
140
334
@badthingsdaily
Tabletop Scenarios
3 years
The administrator account to your organization's cloud email is no longer accessible. The recovery email belongs to a former employee on a custom domain running on a personal email server.
15
56
309
@badthingsdaily
Tabletop Scenarios
7 years
Malicious code will be distributed to your endpoints during the routine update of a signed application. Happy Monday.
5
93
281
@badthingsdaily
Tabletop Scenarios
7 years
A Blackhat talk has revealed a popular Docker image compromised via the maintainer. Your base image exfiltrates AWS metadata, ENV, API keys.
7
260
223
@badthingsdaily
Tabletop Scenarios
7 years
Employee who learned how to lockpick at Defcon has unlocked HR file cabinet full of termination records. Happy Monday.
7
73
243
@badthingsdaily
Tabletop Scenarios
3 months
Recovery keys necessary to recover from an outage are inaccessible due to the same outage.
5
46
249
@badthingsdaily
Tabletop Scenarios
6 years
A misinformation campaign on social media has tricked your employees into thinking an industry conference has been cancelled.
8
55
233
@badthingsdaily
Tabletop Scenarios
7 years
A security researcher you employ is accused of being the thing they research
9
89
228
@badthingsdaily
Tabletop Scenarios
3 years
An employee’s active session to your enterprise chat was just purchased by an adversary.
4
42
219
@badthingsdaily
Tabletop Scenarios
2 years
Your CEO is asking leadership for attorney privileged material related to the CEO's litigation against the company when they were not CEO. Happy Halloween 🎃
4
29
217
@badthingsdaily
Tabletop Scenarios
4 years
A vendor your IT admins depend on has a very sophisticated software update waiting for them.
2
41
212
@badthingsdaily
Tabletop Scenarios
5 months
Your cloud provider has deleted one of your accounts.
@judges119
Azathoth
5 months
new one for @badthingsdaily : one of the top three cloud providers has a misconfiguration and deletes your entire account by accident and can't recover it.
2
14
50
3
52
219
@badthingsdaily
Tabletop Scenarios
4 years
The Twitter accounts for all of the largest companies and personalities in your industry have all simultaneously pumped up a credential stealing phishing link.
2
87
207
@badthingsdaily
Tabletop Scenarios
5 years
Legacy infrastructure from a long-forgotten acquisition has been exploited. There are no employees from the acquisition still with the company. "It responds to ping, it works completely, you just can't figure out where in the company it is." HT @xarph
9
53
205
@badthingsdaily
Tabletop Scenarios
7 months
An upstream attack on an operating system dependency has made your remotely accessible SSH servers vulnerable to malicious access / code execution.
2
36
195
@badthingsdaily
Tabletop Scenarios
3 years
Previously unroutable hosts on your network are now routable from the public internet.
5
40
190
@badthingsdaily
Tabletop Scenarios
2 years
An unauthorized device just authenticated successfully to your VPN.
9
25
191
@badthingsdaily
Tabletop Scenarios
7 years
Do you keep things in a safe? Your entire safe was just stolen. Enjoy your holidays
5
51
186
@badthingsdaily
Tabletop Scenarios
6 years
Your domain registrar has suspended your primary domain. It is not immediately responsive to basic support inquiries.
6
43
183
@badthingsdaily
Tabletop Scenarios
3 months
Nearly all customers are reaching out simultaneously after your product has triggered an outage.
6
37
182
@badthingsdaily
Tabletop Scenarios
3 years
A specific customer has made a valid configuration change causing 85% of your production systems to report errors.
6
32
172
@badthingsdaily
Tabletop Scenarios
5 years
An employee has just found that "music’s infinite variability" appears in a currently onboarded vendor's security documentation where data security is described.
12
34
166
@badthingsdaily
Tabletop Scenarios
5 years
A company responsible for a critical part of your build pipeline has informed you of a breach before the weekend. They are recommending a credential rotation and review of logs for malicious access.
2
68
163
@badthingsdaily
Tabletop Scenarios
7 years
Employee bridges corporate VPN connection to accessible WiFi AP in Mandalay Bay during BlackHat since the hotel internet is out.
5
49
160
@badthingsdaily
Tabletop Scenarios
7 months
A production engineer investigating a poorly performant binary has discovered that it is executing code that isn't possible in its associated source.
5
26
163
@badthingsdaily
Tabletop Scenarios
3 years
A frontend dependency served on your primary domain was acquired and led to an unintended outcome.
@motherboard
Motherboard
3 years
NEW: Hardcore porn is embedded all over regular-ass websites because a porn company has purchased the domain of a popular, defunct video hosting site.
66
1K
3K
1
51
156
@badthingsdaily
Tabletop Scenarios
7 years
Your IT admin didn't agree with their termination, so they've locked everyone out of GSuite.
6
86
147
@badthingsdaily
Tabletop Scenarios
3 months
All systems running a particular EDR are crashing.
6
29
150
@badthingsdaily
Tabletop Scenarios
4 years
A coordinated intrusion has succeeded against many of the internet's most widely used standard timeservers. Systems worldwide have begun synchronizing to a malicious broadcast of: "2020-01-01"
3
46
150
@badthingsdaily
Tabletop Scenarios
4 years
The company managing your MDM has unenrolled your endpoint agents and walked away. Managed FileVault keys are now inaccessible.
2
23
145
@badthingsdaily
Tabletop Scenarios
2 years
An active SSO session has been stolen from an engineer with production access.
3
23
145
@badthingsdaily
Tabletop Scenarios
6 years
Happy new year. A developer has just typo'd an upstream package installation to their laptop. There was a malicious package waiting for that typo. The post-installation code is exfiltrating environment variables and full directories with .git folders from that shell.
2
37
140
@badthingsdaily
Tabletop Scenarios
6 years
Platform certificates granted for internal product development have been revoked as a result of a policy violation.
4
45
137
@badthingsdaily
Tabletop Scenarios
6 years
An engineer has left an internet facing web app in debug mode following a maintenance window. Errors now display environment variables, including any secrets stored in them.
1
33
137
@badthingsdaily
Tabletop Scenarios
6 years
An employee activist within your organization has taken advantage of the crisis SMS notification service purchased by your physical security team. They have sent a text to all employees with political content. HR must field complaints from ~4% of total employees as a result.
8
28
129
@badthingsdaily
Tabletop Scenarios
7 years
Acts of hacktivism in response to loss of notable infosec community member. Marketing sites defaced with trevorforget.png via CMS admin.
1
51
129
@badthingsdaily
Tabletop Scenarios
7 years
Gaming company unknowingly delivered malware dropper in highly anticipated patch last week. Employees play on work machines.
2
36
127
@badthingsdaily
Tabletop Scenarios
6 years
AWS phishing email resembling a CloudWatch alarm has just been sent to one of your engineers with privileged IAM credentials. They've entered credentials. If allowed, attacker immediately hits CreateAccessKey, will come back in a week to use them.
4
61
127
@badthingsdaily
Tabletop Scenarios
7 years
A social media company has shut down your high profile executive's account for a policy violation that occurred in DMs.
6
38
118
@badthingsdaily
Tabletop Scenarios
7 years
A new marketing employee purchased an email list from a spammer. Your next email campaign contains address honeypots. Massive blacklisting occurs and delivery rates plummet for all email that shares MX with marketing.
5
32
119
@badthingsdaily
Tabletop Scenarios
4 years
All traffic to a colocation facility has started dropping.
@MT6572A
MT⬡572A
4 years
well SHIT my colo just burned down
41
80
515
3
45
118
@badthingsdaily
Tabletop Scenarios
7 years
An employee has loudly accused your email administrator of theft, via resetting their BTC exchange password from their corporate email.
11
25
114
@badthingsdaily
Tabletop Scenarios
2 years
An offensive message has been sent over a widespread customer notification channel with your branding.
8
21
112
@badthingsdaily
Tabletop Scenarios
2 years
An adversary is starting a localized brute force attack against the master password of your recently stolen password vault file.
3
22
113
@badthingsdaily
Tabletop Scenarios
7 years
"You discover that someone’s Docker Hub credentials on your team have been exposed." RE:
2
73
110
@badthingsdaily
Tabletop Scenarios
7 years
A coworker has brought in a case of soylent bars that will be recalled for gastrointestinal side effects. During an incident.
7
32
110
@badthingsdaily
Tabletop Scenarios
6 months
Your eSignature vendor has announced a breach. All contracts have been exposed to an unknown adversary.
5
24
112
@badthingsdaily
Tabletop Scenarios
7 years
A domain admin has run a malicious attachment after loudly proclaiming how dumb their users are for doing the same.
1
47
105
@badthingsdaily
Tabletop Scenarios
3 years
A researcher poking for log4j exposures in your product has found callbacks coming from systems you don’t recognize and can’t identify.
0
18
104
@badthingsdaily
Tabletop Scenarios
3 months
The management control plane you would normally use to respond to an outage is down because of the outage
0
24
106
@badthingsdaily
Tabletop Scenarios
7 years
Research reveals a popular OCR library can be exploited via malicious image file. The attack is named KLEPTCHA and the logo is also the PoC.
2
13
97
@badthingsdaily
Tabletop Scenarios
7 years
Today your adversary is thankful for all the platform secrets that return in a search for "api key" on your developer wiki and git repo. 🦃
1
46
96
@badthingsdaily
Tabletop Scenarios
8 years
A script has been logging exported variables containing full user registration objects. This logging method is full of plaintext passwords.
5
29
95
@badthingsdaily
Tabletop Scenarios
6 years
Furloughed employee with financial risk has begun abusing internal access to payment processing systems. HT @AnarchistDalek
0
30
91
@badthingsdaily
Tabletop Scenarios
7 years
A blind XSS payload you generated for a client pentest has just detonated on a .gov intranet site run by law enforcement.
6
32
92
@badthingsdaily
Tabletop Scenarios
7 years
The eclipse has magnified a solar flare, drastically increasing the success rate of "bit flip" attacks against DNS.
8
26
90
@badthingsdaily
Tabletop Scenarios
2 years
A production secret just rotated, but it was unplanned and no employee was involved. Enjoy your weekend
3
6
91
@badthingsdaily
Tabletop Scenarios
7 years
Fully DKIM'd phishes have been sent to customers in your marketing lists. Delivery path is your marketing email tool. Enjoy your weekend.
2
24
89
@badthingsdaily
Tabletop Scenarios
2 years
You have received notification that a classified document uploaded by an elected politician resides on your servers.
6
24
90
@badthingsdaily
Tabletop Scenarios
3 years
The internet has gone out for the entire Bay Area.
5
21
90
@badthingsdaily
Tabletop Scenarios
2 years
They even broke into your safe!
1
12
89
@badthingsdaily
Tabletop Scenarios
7 years
0day in network vuln scanner. RCE w/ malicious banner messages. Scanning host is owned. Any pw based login is keylogged. (HT @dcode)
6
31
89
@badthingsdaily
Tabletop Scenarios
6 years
An employee is harassing others on social media. They claim "Views are my own and don't reflect the views of my employer" on their account.
3
24
90
@badthingsdaily
Tabletop Scenarios
3 years
A falsely notarized identity verification form has been faxed to your IaaS platform, requesting that account ownership be transferred to another email address.
@0xdabbad00
Scott Piper
3 years
@usmannk @patio11 @badthingsdaily On AWS, there is a process involving faxing a notarized document for gaining control of an account lost in this way... and also functions as nightmare fuel for the possibility of account take-over.
2
4
36
3
27
90
@badthingsdaily
Tabletop Scenarios
6 months
A huge fire has erupted at a datacenter you rely on.
16
11
90
@badthingsdaily
Tabletop Scenarios
7 years
Your infrastructure is now unreachable to international customers. Foreign ISPs block entire AWS CIDRs in a censorship campaign that you also operate within. via @AdamTReineke
2
30
87
@badthingsdaily
Tabletop Scenarios
7 years
Your communications team has linked to a typojacked domain in a mass customer email. First point of contact to remediate is unresponsive.
3
28
82
@badthingsdaily
Tabletop Scenarios
7 years
Your anti-malware solution you've installed has been publicly accused of installing the things it was supposed to remove.
2
31
84
@badthingsdaily
Tabletop Scenarios
2 years
An adversary has gained access to your EDR product.
5
13
86
@badthingsdaily
Tabletop Scenarios
6 years
Everything's fine.
6
23
86
@badthingsdaily
Tabletop Scenarios
7 years
Counsel has just emailed a state AG with a breach notification after misunderstanding a red team exercise.
5
16
84
@badthingsdaily
Tabletop Scenarios
4 years
Your supply chain has been interrupted with no end in sight.
3
18
80
@badthingsdaily
Tabletop Scenarios
3 years
Law enforcement has reached out to notify you of a breach. They include specific information about your database table structure. However, no incident has been declared yet. 🤔
9
14
84
@badthingsdaily
Tabletop Scenarios
7 years
A small group of engineers, at the direction of the CEO, has just surprised the company (and you) by launching a new, secretly built product.
2
21
81
@badthingsdaily
Tabletop Scenarios
7 years
An employee's "trust me that's a throwaway password I use only for stuff I don't care about" is used for everything.
6
27
83