Add files via upload
re-adding files for A_G scenario

Signed-off-by: CRob <[email protected]>
SecurityCRob authored Apr 2, 2024
1 parent 04c45ec commit 30a723a
Showing 3 changed files with 18 additions and 0 deletions.
17 changes: 17 additions & 0 deletions docs/TTX/Andromeda_Gales/Andromeda_Gales.md
@@ -0,0 +1,17 @@
# Scenario Descripton
## Andromeda Gales
As part of the OpenSSF incident response scenario an open source product has unknowingly been compromised. A malicious payload has been merged into the underlying container image / test suite, infecting a multitude of public and private organisations on update.

The infected software provides integration with numerous CI/CD build pipelines, managing the repeatable build stages for an organisation's software. The malicious payload has been designed to exfiltrate sensitive data from the target deployment and send it to a remote server. The payload is also capable of executing arbitrary code on the host system, potentially leading to further compromise.

The incident response team has been tasked with identifying the malicious payload, understanding the extent of the compromise, and providing guidance on remediation steps to affected organisations. The team must also provide guidance on how to prevent similar incidents in the future.\n\nThe team has access to the following resources:

- A copy of the infected container image\n- A list of affected organisations
- A copy of the malicious payload
- A list of build pipeline integrations
- A list of potential indicators of compromise (IOCs)
- A list of potential attack vectors
- A list of potential remediation steps
- A list of potential preventative measures

The team is expected to provide a detailed incident report outlining the steps taken to identify and contain the incident, the impact of the compromise, and the recommended remediation and preventative measures. The incident report should also include a timeline of events and any lessons learned from the incident response process.
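Review bot: the literal `\n\n` in "future.\n\nThe team has access to the following resources:" and the `\n` in "- A copy of the infected container image\n- A list of affected organisations" are escape sequences, not line breaks, so Markdown will render them verbatim; replace them with real newlines so the "resources" sentence starts its own paragraph and "A list of affected organisations" becomes its own bullet. The heading "# Scenario Descripton" should read "Description". The resource list also contradicts the closing paragraph: "A list of potential remediation steps" and "A list of potential preventative measures" are listed as inputs the team has access to, yet the last paragraph says the team is expected to produce the recommended remediation and preventative measures; either move those two items to the expected-deliverables paragraph or mark them as facilitator-held material (for example, injects to be released as the exercise progresses).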
1 change: 1 addition & 0 deletions docs/TTX/Andromeda_Gales/Andromeda_Gales_Final.afb

Binary file not shown.

0 comments on commit 30a723a