Skip to main content
FortiJump: FortiManager Zero-Day Config Heist operation cover
COMING SOONAdvancedPRO

FortiJump: FortiManager Zero-Day Config Heist

A FortiManager appliance is breached through an FGFM authentication bypass (the FortiJump zero-day): an attacker-controlled FortiManager registers itself as a trusted device, stages every managed FortiGate's configuration into a single hidden archive on the appliance, and exfiltrates it over HTTPS, stealing the fleet inventory and FortiOS256-hashed administrator passwords. Weeks later the operator re-registers and exfiltrates again to fresh infrastructure. With no malware on any firewall and no endpoint to inspect, reconstruct the entire heist from the appliance event log and perimeter firewall alone.

1h 15m
7 tasks
150 points
Pro

Launches in 5 days

Jul 21, 2026

Tuesday, July 21, 2026 at 9:00 AM

View Pro plans

Pro unlocks this operation at launch.

Training Tools

SIEMFirewall

What you'll investigate

7 objectives unlock when this operation goes live.

1Incident brief
2Find where the intruder reached the management plane
3Identify the rogue device
4Locate the staged loot
5Separate the data theft from the callback
6Confirm the re-entry and second drop
7Classify the exfiltration technique

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 21, 2026, you can jump straight in.

Get Started Free