ACE Responder experienced a potential security incident during an assumed breach engagement. The red team, operating from a simulated rogue device, lost access to their Empire C2 server shortly after beginning the exercise. After troubleshooting the issue, they contacted the SOC to report that they were unable to continue as planned. The Empire server's SSH port appeared to be unavailable, and operators could no longer log on to the Empire server's Starkiller web interface.
The red team lost access shortly after compromising a workstation (Win11-20). They suspect their C2 server (Kali) was compromised, because their SSH sessions were disconnected abruptly and they could no longer authenticate to Starkiller with the empireadmin password.
The SOC took action to contain the incident and isolated the affected network segment. The potential breach occurred between 20 February and 22 February 2024.