🧪 Break-Fix Labs and Tabletop Scenarios

Intro: Good labs teach pattern recognition. They do not require giant environments. A small YAML, pipeline, manifest, or attack timeline can be enough to build the judgment a real incident later needs.

What this page includes

• lab ideas for product and platform teams
• tabletop scenarios for incidents and architecture reviews
• how to grade the exercise
• how to keep the labs tied to product reality

Lab ideas

• find the dangerous trust in a GitHub or GitLab OIDC role;
• review a Kubernetes manifest for escalation and identity abuse paths;
• identify why a webhook design is replayable;
• inspect an export workflow for cross-tenant abuse risk;
• respond to a suspicious pod with the runtime investigation playbook.

Tabletop scenarios

• compromised CI runner before a release;
• leaked support token touching many tenants;
• cross-tenant export discovered by a customer;
• public bucket exposing source and deployment manifests;
• privilege escalation through mis-scoped workload identity.

Grading idea

Score the exercise on:

• problem recognition;
• trust-boundary clarity;
• containment order;
• evidence preservation;
• business communication quality.

Intentionally vulnerable lab environments

When your team is ready for longer, richer practice instead of one-page exercises, move into the curated lab environments:

• Vulnerable Learning Labs and Goat Environments
• OWASP Juice Shop
• CI/CD Goat
• Kubernetes Goat
• AWSGoat
• CloudGoat
• OWASP EKS Goat
• TerraGoat

Related pages

• GitLab Mock Interview Pack
• Runtime Investigation Playbook for Kubernetes and Containers

Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.