The Card Deck

These are all the cards included in the game. If you would like to have a copy of the phyiscal cards, head over to the Backdoors & Breaches Homepage at Black Hills Information Security and Active Countermeasures for order information.

Initial Compromise

Web Server Compromise-2
External Cloud Access-3
Insider Threat-4
Password Spray-5
Trusted Relationship-6
Social Engineering-7
Bring Your Own (Exploited) Device-8
Exploitable External Service-9
Credential Stuffing-10

Pivot and Escalate

Internal Password Spray-11
Weaponizing Active Directory-13
Credential Stuffing-14
New Service Creation-15
Local Privilege Escalation-16
Broadcast / Multicast Protocol Poisoning-17


Malicious Service / Just Malware-18
DLL Attacks-19
Malicious Driver-20
New User Added-21
Application Shimming-22
Malicious Browser Plugin-23
Logon Scripts-24
Evil Firmware-25
Accessibility Features-26

C2 and Exfil

HTTP as Exfil-27
HTTPS as Exfil-28
DNS as Exfil-29
Windows background Intelligent Transfer Service (BITS)-30
GMail, Tumbler, Salesforce, Twitter as C2-31
Domain Fronting as C2-32


Security Information and Event Management (SIEM)-33
Server Analysis-34
Firewall Log Review-35
NetFlow, Zeek/Bro, Real Intelligence Threat Analytics (RITA) analysis-36
Internal Segmentation-37
Endpoint Security Protection Analysis-38
User and Entity Behavior Analytics (UEBA)-39
Endpoint Analysis-40
Crisis Management-42


Honeypots Deployed-43
It was a Pentest-44
Data Uploaded to Pastebin-45
SIEM Analysts Returns from Splunk Training-46
Take One Procedure Card away from the Defenders.-47
Give the Defenders a Random Procedure Card-48
Lead Handler has a Baby, Takes FMLA Leave-49
Bobby the Intern Kills the System You are Reviewing-50
Legal Takes Your Only Skilled Handler into a Meeting to Explain the Incident-51
Management has Just Approved the Release of a New Procedure-52