About the game

The game is played by one to five teams representing the company’s information security department. Each team, as well as the administrator, has its own control panel that allows you to interact with the administrator. The panel includes:

  1. Imitation of resources
  2. Timer
  3. Data about the incident

Decisions are made twice a "day", so teams have 12 moves to defend the organization and prevent attackers from achieving their goal.

Support

The game takes place under the strict guidance of the administrator, which allows you to quickly understand the mechanics and concentrate on the incident itself.

Format

Four different scenarios allow you to immerse yourself effectively in the incident response process.

Choose the format that suits you best:

  • In-person event, at our Training Center or at another location
  • Installation of the game on-premise for in-house training

Scenarios

The Digital Hygiene workshop contains not only lectures but also tests and other gamified educational formats designed by experts who deal with online threats every day. This allows the learner to more deeply understand these threats and what Internet users need to do to protect themselves.

Bank incident

You are a member of the Incident Response Team at a large bank. The bank has over 300 thousand hosts, ATMs, card processing and SWIFT. The bank’s services are used by a wide range of clients, from students to large industrial organizations. Most of the bank’s infrastructure runs on Windows, a smaller part on UNIX machines.

You discovered that an advertisement for the sale of your bank’s customers has been published on the darknet, and that remote access to the network is promised for a fee. The bank cannot be disconnected from the Internet; it is necessary to minimize the impact of the attack on business processes.

Ransomware

You are asked to help a small legal consulting company where an incident has occurred. The company’s infrastructure consists of about 250 hosts. Most of the hosts run on Windows, but there are also Unix servers. One of these servers is a web server hosting the company’s official website. The incident began with the discovery of files with unknown extensions on a number of user hosts. A brief analysis revealed that the detected files were associated with a popular ransomware. Your main task is to track down the threat actor’s actions and prevent encryption of the most critical data.

Espionage

You are a member of the DFIR team at a global cybersecurity company. Today you are asked to help a fast-growing startup whose infrastructure includes several hosts on Windows, as well as a Git server running Gitea on Ubuntu. The startup is currently working on an outsourced collaboration project for banks across the United States and Europe. Rumors about the development of the system have attracted a lot of attention.

Although details of the development have not been disclosed, the project is supported by a large number of stockholders around the world.

Recently, one of the startup’s employees discovered a discussion of the project’s source code on a popular developer forum. A strict NDA was imposed on the project with an impressive fine for the disclosure of information about the development of the system. The person responsible for the project suspected an insider or spy of leaking the data. So, it’s time for you to become a hero and find the evil.

Industrial Case

Can you hear the alarm? The production of plastic bags has stopped! One of the branches of a large packaging company is under attack. Only you can find out what happened. According to the information security service, all critical network segments have a proxy/firewall. The company also has Threat Hunting Framework deployed. The branch network has two main segments: a corporate one and a technological one. In the corporate segment there are 10,000 hosts, including managers, sales, HR, etc. The technological segment is represented by five workshops. Each technological process is under the control of an operator, who controls and monitors it. In addition to the operator, the processes are controlled by technologists, who modify the control programs needed to operate the controllers.

Hardware recommendations for online format

  • 8 GB RAM
  • 512 MB of free storage on HDD
  • Fast and stable internet connection

The game has been successfully tested on the following web browsers:

  • Google Chrome
  • Safari
  • Mozilla Firefox
  • Opera
  • Microsoft Edge
  • Internet Explorer (old)