This paper describes the design process for the cybersecurity serious game 'PeriHack'. Publicly released under a CC (BY-NC-SA) license, PeriHack is a board and card game for two players or teams that simulates the struggle between a red team (attackers) and a blue team (defenders). The game requires players to explore a sample network looking for vulnerabilities and then chain different attacks to exploit possible weaknesses of different nature, which may include both technical and social engineering exploits. At the same time, it also simulates budget level constraints for the blue team by providing limited resources to evaluate and prioritize different critical vulnerabilities. The game is discussed via the lenses of the AGE and 6-11 Frameworks and was primarily designed as a learning tool for students in the cybersecurity and technology related fields.
翻译:本文描述网络安全严重游戏“ PeriHack ” 的设计过程。 PeriHack 以CC (BY-NC-SA) 牌照公开发布, PeriHack 是模拟红队(攻击者)和蓝队(Defenders)之间争斗的两个球员或球队的棋盘和牌局游戏。游戏要求球员探索一个抽样网络,寻找弱点,然后将不同的攻击链条串通起来,以利用可能存在的不同性质的弱点,其中可能包括技术和社会工程方面的利用。同时,它通过提供有限的资源来评估和确定不同关键弱点的轻重缓急来模拟蓝队的预算限制。游戏通过GEG和6-11框架的透镜来讨论,主要设计为网络安全和技术相关领域的学生提供学习工具。