TL;DR: Looking for a new and interactive way to prepare your security team? Black Hills Information Security created an Incident Response Card Game called Backdoors & Breaches to break down attack methods, tactics and tools.
You have heard us say this many times, security is about people, process, and technology. SCYTHE allows you to test, measure, and improve all three. One way that we facilitate training people about what an attack looks like is to display the adversary emulation plan, step by step, prior to execution. We encourage having a table-top discussion about each adversary behavior to get an idea of what expectations everyone has for each attack step and learn more about how the attack works. Then you execute the adversary emulation plan in a real environment and see it in action. This is a great, practical way to train. However, this is not the only way and we want to share a fantastic table-top game that can help foster collaboration as well as train your team: Backdoors & Breaches.
What is Backdoors & Breaches?
Backdoors & Breaches (B&B) is an Incident Response Card Game, from our partners at Black Hills Information Security. Backdoors & Breaches contains 52 unique cards (and now an expansion pack) to help you conduct incident response table-top exercises and learn attack tactics, tools, and methods. You can play B&B with a physical card deck or online. Here is a video on how to play.
The original deck comes with 52 unique cards:
- (10) Initial Compromise
- (7) Pivot and Escalate
- (9) Persistence
- (6) C2 and Exfil
- (10) Procedures
- (10) Injects
It takes four cards to build an incident, one from each attack category (Initial Compromise, Pivot and Escalate, Persistence, and C2 and Exfil) and you can have as many as 3,840 Incident Scenarios! It is such a fun and educational table-top game that we highly recommend you play it with your team.
The first expansion deck was released on May 6, 2021 and includes our very own CTO, Jorge Orchilles, as one of the 8 consultants that can be drawn. To use Jorge Orchilles in your incident response, the incident master must reveal the C2 and Exfil Card. We think this fits our CTO quite well, given his work as a co-creator of the C2 Matrix with Bryson Bort and Adam Mashinchi.
Jorge Orchilles playing card lists his specialties as well as his favorite infosec quote.
- Offensive Security
- Purple Team
- Detection Engineering
- Co-creator of C2 Matrix
- Infosec Instructor and Author
- Public Speaking
Attack, Detect, and Respond
Backdoor & Breaches is a great table-top game to learn how attacks work and go through a high-level incident response. It allows a fun way to foster collaboration between your teams. As Jorge’s favorite quote implies, we have to work together to be better. This is why at SCYTHE we push collaboration via Purple Team exercises. As the industry leading Purple Team platform, we provide a way to easily test, measure, and improve your people, process, and technology with our Attack, Detect, and Response methodology. Check out our paper here.