You are a lone IT Security Expert on the noble quest of defending your company against evil hackers. At stake are a lot of overtime, the wrath of your colleagues, and an unpleasant talk with management. Be prepared to prove your knowledge.
- Detection and Response game cards (Initial Access, Privilege Escalation, Persistence, Lateral Movement & C2 & Exfiltration, Impact, Event)
- Defenderpoints
- A 6-sided die
- Pen and worksheets
The player with the most knowledge is assigned the role of the Hacker. The Hacker shuffles the deck, sorts the cards face down by color, and draws a card from every stack (Initial Access, Privilege Escalation, Persistence, Lateral Movement & C2 & Exfiltration, Impact) other than the black Eventcards. The Hacker then creates an incident situation based on the Attackcards and relates it as much as possible to his own work environment.

The Hacker then reveals the scenario of the first card, and the IT Security Experts have time to write down a way to prevent and detect this kind of attack. When everyone is finished, every IT Security Expert rolls a die. If the number is a 1 or 2 (this can change with Eventcards), the attack was successfully prevented; otherwise the player has a second chance to do the same with the detection method. If the attack was successfully prevented or detected, the player gets a Defenderpoint.

After every Attackcard, the Hacker must draw an Eventcard and give it to one of the IT Security Experts. This continues until all Attackcards are processed and the attack is completed. The IT Security Expert with the most Defenderpoints is the winner and has successfully prevented the Hacker’s attack.

After the game, all participants should work together to determine if the played infiltration would be possible in their infrastructure and what could be done to prevent it.