There’s a new, fun way to run a realistic incident response tabletop exercise, and it’s called Backdoors and Breaches. Inspired by Dungeons and Dragons (B&B instead of D&D), the game includes a pack of custom playing cards and a 20-sided die. Five to six people can play it in as little as 15 to 20 minutes.
The card deck comes from the folks at pentesting firm Black Hills, who sent us a review deck and walked us through how to play. It’s a simple concept, easy to play, and looks like a fun way to run a tabletop exercise.
How the game works
The deck consists of different-colored cards. One person volunteers to be the Incident Master (IM), the game’s counterpart to a Dungeon Master, and randomly selects one card from each of four types of attack cards: Initial Compromise, C2 and Exfil, Persistence, and Pivot and Escalate. Together, these four cards, played close to the IM’s chest, represent one of 3,840 possible incident scenarios. The cards all represent realistic threats to enterprise organizations, like “Social Engineering,” “Web Server Compromise” and “Credential Stuffing.”
The rest of the group, who are playing defenders, draw four Procedure cards and lay them face up on…