Collection of free-to-use educational security games.
The collection below is currated by the TULIPS group and features both our own games and games designed by other labs and organizations. We make no guarentees about the content, but if you find a problem please contact us to let us know.
Adam Shostack also maintains a list of tabletop security games.
Teaches the basic idea behind firewall administration on a network. The aim of the game is to set up firewall rules in different scenarios, in order to teach the player about iptables syntax, and attack logs from IDS.
Firewall simulator where a user can setup a firewall on the "insider" terminal and then test it by attacking from the "outsider" terminal.
A choose-your-own adventure style game where you play the role of a Chief Information Security Officer (CISO) making decisions for a hospital. Game starts out with a worst case scenario and then rolls back time so you can play the main character as they attempt to setup security for the hospital.
Unofficial version of Cards Against Humanity. It focuses on the world of Internet identity. 'If you want to know what the new password requirements will be, or you know the feeling of accidentally hitting your security token in the middle of a sentence, or you just want to blame everything on multi-factor authentication, this card set is for you. It's full of industry jokes and references that your normal friends probably won't understand.'
Mission-based card game where each person plays a different type of hacker such as a 'Network Ninja' or a 'Social Engineer' to accomplish different jobs.
Role-playing game about security in industrial control systems. D-D players are tasked with managing the security of a small utility company: they are given a budget that they can spend among different defensive options. Played with 3 to 5 players plus a Game Master who directs the players.
Easy way to get started threat modeling. It is a card game that developers, architects or security experts can play.
Card game where each player must manage a personal computer which hosts services (make money) and defend their network (costs money). Players then try and take down rivals by playing well known attacks against them, and they defend by correctly identifing how to prevent the attack.