A curated list of security card games (which are sometimes known as tabletop exercises).
Security card games help train your skills and enable discussions for various areas of security.
- Cornucopia - A card game based on OWASP's Top 10 (authentication, data Validation etc.). The card deck is available as PDF from OWASP.
- Crypto Go - An educational card game designed to teach up to date symmetric cryptography. Crypto Go deck consists of cards representing modern cryptographic tools.
- Know your risks - Learn what information is safe to share online and understand the risks. Learn about whether to share, not share or be cautious with different pieces of information.
- Backdoors & Breaches - An incident response card game. It helps you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.
- Defensomania - An incident response card game for security monitoring and incident response teams to discuss priorities, possible response actions and attack scenarios.
- Elevation of Privilege (EOP) by Microsoft - A card game based on Microsoft's threat modeling framework "STRIDE" (Spoofing, Tampering etc.). The card deck is available as PDF from Microsoft. Adam Shostack, the author of EoP has also a git repo for EoP.
- Security Cards - A card game encouraging to think broadly and creatively about computer security threats. Four dimensions are covered: Human Impact, Adversary's Motivations, Adversary's Resources, Adversary's Methods.
- Cumulus - A threat modeling card game for the clouds which helps you find threats to your DevOps or cloud project and teaches developers a security oriented mindset.
- Tabletop Security Games & Cards - List of security card games created and maintained by Adam Shostack.
- Tabletop Simulations to Improve Your Information Security Program - Red Canary's write-up about tabletop exercises for information security programs.
- Game On: Tabletop Games to Teach Cyber and Information Security Concepts - List of tabletop games to teach cyber and information security concepts.
Contributions welcome! Read the contribution guidelines first.