Backdoors & Breaches was created at Black Hills Information Security to facilitate fast, educational, and fun Incident Response Tabletop Exercises for organizations all over the world. One of the things we're told often is, "We love the game, but sometimes it's hard to come up with a scenario that tells a story about the attack chain. Are there any guides that could help?"
Those questions were the birth of B&B: Campaigns.
Backdoors & Breaches: Campaigns are guides designed to educate players about noteworthy security breaches while discussing whether their organization is ready to defend against an attack like the one presented. Each campaign guide enables the Incident Master to place specific cards into the attack chain that most closely represent a well-known breach. The Incident Master will be provided with Procedure Cards to use for the written procedures. The guide will also provide examples to help explain why a card that should succeed would fail. Finally, the story and background for the game are presented with references to help the Incident Captain gain context before play and for the players to read afterward.
Each campaign is designed to make Tabletop Exercises even easier to educate, train, and prepare for responding to Incidents.
Got an idea for a campaign? Great! Use the template located here to create a new campaign. Once you're ready, make a pull request in GitHub. That's it! We'll review it and, if everything looks good, we will publish it here to share with others (with credit, of course!).
Let us know what you think! And if somehow you arrived here having never heard of Backdoors & Breaches you can learn all about the game here - https://www.backdoorsandbreaches.com
A scenario based on the Ubiquiti breach. Is your team ready for an insider threat who is attempting to extort you and also happens to be on your Incident Response Team?
A scenario based on the Equifax breach. How does your team handle critical vulnerabilities on a publicly facing system disclosing millions of PII records?
SolarWinds Supply Chain
A scenario where a Florida Water Treatment Plant has a security incident related to TeamViewer. Are you ready to detect outside access to a laptop in your environment that allows access to sensitive systems?
Colonial Pipeline
Stuxnet