incident-response-trainer
Incident response training · Rule-based scoring
Cloud Infrastructure · medium · Public Container Image Credential Leak · High asset
Scenario

Private container image pushed to a public registry — embedded credentials at risk

A medium Cloud Infrastructure scenario on Public Container Image Credential Leak.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 3 templates in this Track + Difficulty pool.

catalog id · cloud-public-container-image-leak

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Contain a private container image leaked to a public registry
  • Rotate embedded credentials and harden registry/build controls
MITRE ATT&CK · mitre-attack
  • Unsecured Credentials: Credentials In Files · Credential Access · T1552.001 · TA0006
    Mapped · High confidence

    Trains response to a cloud credential baked into a container image layer and leaked on a public registry.

MITRE D3FEND · mitre-d3fend
  • User Account Containment · D3-UAC
    Mapped · High confidence

    Trains rotating and revoking the embedded credential once the image is public.

  • Resource Access Policy Auditing · D3-RAPA
    Mapped · Medium confidence

    Trains correcting the registry visibility and scoping the build identity that pushed it public.

NIST CSF 2.0 · nist-csf-2
  • Data Security · Protect · PR.DS · PR
    Mapped · High confidence

    Trains the data-security posture that keeps secrets out of build artifacts.

  • Continuous Monitoring · Detect · DE.CM · DE
    Mapped · High confidence

    Trains detection from secret scanning and registry monitoring of a public push.

NIST SP 800-61r3 · nist-sp-800-61r3
  • IR lifecycle phase · Containment, Eradication & Recovery
    Mapped · High confidence

    Trains rotating the credential and making the image private as containment.

  • IR lifecycle phase · Detection & Analysis
    Mapped · High confidence

    Trains scoping what the image exposes and whether the leaked credential was used.

CISA Cybersecurity Performance Goals · cisa-cpg
  • Secure Sensitive Data · 2.I
    Mapped · High confidence

    Trains the sensitive-data baseline that keeps credentials out of public artifacts.

  • Log Collection · 2.T
    Mapped · Medium confidence

    Trains preserving registry push/pull logs that scope the exposure.

CIS Controls v8 · cis-controls
  • Data Protection · Control 3
    Mapped · High confidence

    Trains the data-protection control behind rotating and removing the leaked secret.

  • Application Software Security · Control 16
    Mapped · Medium confidence

    Trains the secure-build practice of injecting secrets at runtime, not baking them into images.