Learn from CircleCI

The CircleCI Breach: Could Your Team Have Stopped It?

In 2022, a sophisticated attack on CircleCI resulted in the theft of customer secrets. Incident Drill lets your team practice responding to similar security incidents, preparing them to protect your company.

CircleCI | 2022 | Security Breach

The Cost of Unpreparedness

Modern security threats are increasingly complex. The human element is often the weakest link. Without consistent practice, even the best engineers can struggle under pressure, leading to costly mistakes and extended downtime.

PREPARE YOUR TEAM

Incident Drill: Security Incident Preparedness, Reimagined

Incident Drill provides realistic incident simulations based on real-world events like the CircleCI breach. Teams practice collaborative problem-solving, improve their incident response skills, and learn to identify and mitigate threats before they escalate.

Simulate Security Breaches

Practice responding to realistic security incidents like the CircleCI token theft.

Collaborative Exercises

Work together as a team to diagnose and resolve the incident.

Time-boxed Scenarios

Experience the pressure of a real incident with time constraints.

Detailed Post-Mortems

Analyze your team's performance and identify areas for improvement.

Focus on Security Best Practices

Reinforce key security principles and procedures.

Customizable Drills

Tailor incident simulations to your specific infrastructure and threats.

WHY TEAMS PRACTICE THIS

Improve Incident Response & Security Posture

  • Reduce time to resolution for security incidents
  • Improve team communication and collaboration
  • Identify vulnerabilities in your infrastructure
  • Strengthen your security awareness and culture
  • Empower engineers to handle critical situations
  • Reduce the financial and reputational impact of breaches

Attack Flow

1. Compromised Laptop [CRITICAL]: Malware infects an engineer's laptop.
2. Session Cookie Theft [CRITICAL]: A 2FA-backed SSO session cookie is stolen.
3. Production Access [CRITICAL]: The attacker gains access to production systems.
4. Secret Exfiltration [CRITICAL]: Customer secrets are exfiltrated.
5. Remediation [IN PROGRESS]: The incident response team attempts to contain the breach.

How It Works

Step 1: Incident Briefing

Understand the scenario and initial impact.

Step 2: Investigation & Triage

Analyze logs, identify affected systems, and prioritize actions.

Step 3: Containment & Remediation

Isolate the breach, patch vulnerabilities, and restore systems.

Step 4: Post-Mortem & Learning

Review the incident, identify areas for improvement, and update procedures.

Ready to Level Up Your Incident Response?

Join the Incident Drill waitlist and be among the first to access our realistic incident simulations. Protect your company from the next big breach.

Get Early Access

  • Founding client discounts
  • Shape the roadmap
  • Direct founder support