The Card Deck

These are all the cards included in the game. If you would like a copy of the physical cards, head over to the Backdoors & Breaches homepage at Black Hills Information Security and Active Countermeasures for order information.

Initial Compromise

Phish-1
Web Server Compromise-2
External Cloud Access-3
Insider Threat-4
Password Spray-5
Trusted Relationship-6
Social Engineering-7
Bring Your Own (Exploited) Device-8
Exploitable External Service-9
Credential Stuffing-10

Pivot and Escalate

Internal Password Spray-11
Kerberoasting-12
Weaponizing Active Directory-13
Credential Stuffing-14
New Service Creation-15
Local Privilege Escalation-16
Broadcast / Multicast Protocol Poisoning-17

Persistence

Malicious Service / Just Malware-18
DLL Attacks-19
Malicious Driver-20
New User Added-21
Application Shimming-22
Malicious Browser Plugin-23
Logon Scripts-24
Evil Firmware-25
Accessibility Features-26

C2 and Exfil

HTTP as Exfil-27
HTTPS as Exfil-28
DNS as Exfil-29
Windows Background Intelligent Transfer Service (BITS)-30
Gmail, Tumblr, Salesforce, Twitter as C2-31
Domain Fronting as C2-32

Procedures

Security Information and Event Management (SIEM)-33
Server Analysis-34
Firewall Log Review-35
NetFlow, Zeek/Bro, Real Intelligence Threat Analytics (RITA) analysis-36
Internal Segmentation-37
Endpoint Security Protection Analysis-38
User and Entity Behavior Analytics (UEBA)-39
Endpoint Analysis-40
Isolation-41
Crisis Management-42

Injects

Honeypots Deployed-43
It was a Pentest-44
Data Uploaded to Pastebin-45
SIEM Analyst Returns from Splunk Training-46
Take One Procedure Card Away from the Defenders-47
Give the Defenders a Random Procedure Card-48
Lead Handler has a Baby, Takes FMLA Leave-49
Bobby the Intern Kills the System You are Reviewing-50
Legal Takes Your Only Skilled Handler into a Meeting to Explain the Incident-51
Management has Just Approved the Release of a New Procedure-52