

(The not-so-hidden message here: Does your enterprise have written procedures for incident response?) If they use one of the written procedures, they get a +3 modifier. A roll of 1 to 10 fails, and 11 to 20 succeeds. Investigate a possibly compromised end point? Review web server logs? The defenders roll the die to see if their proposed plan is successful.

Encouraging creative thinking about how an incident might begin helps defenders think like attackers, always a plus. A little narrative goes a long way here: How did the incident response team find out something was wrong? It can be vague or even a red herring, and as elaborate or bare bones as you like. The IM then spends a moment to think of a story that fits the cards they've drawn. Like in real life, written procedures make any incident response more likely to be successful. These represent specific written procedures available to your role-playing defensive team, such as "Server Analysis," "Crisis Management" and "Endpoint Analysis." While defenders can use everything they know in real life to analyze the scenario and play the game, the success of any proposed response depends on the roll of the 20-sided die. The rest of the group, who are playing defenders, draw four Procedure cards and lay them face up on the table. The cards all represent realistic threats to enterprise organizations, like "Social Engineering," "Web Server Compromise" and "Credential Stuffing."

Together, these four cards, played close to the IM's chest, represent one of 3,840 possible incident scenarios. One person volunteers to be the Incident Master (IM) (think Dungeon Master) and randomly selects one each of four different types of attack cards: Initial Compromise, C2 and Exfil, Persistence, and Pivot and Escalate. The deck consists of different-colored cards. It's a simple concept, easy to play, and looks like a fun way to run a tabletop exercise.
The card deck comes from the folks at pentesting firm Black Hills, who sent us a review deck and walked us through how to play. Five to six people can play it in as little as 15 to 20 minutes. Inspired by Dungeons and Dragons (B&B instead of D&D), the game includes a pack of custom playing cards and requires a 20-sided die, which you must provide. There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches.
