Serious Games

Operation Raven

Operation Raven is a serious game played by one or several groups as a tabletop exercise (TTX) to simulate the incident response to ransomware. A game master simulates the course of action of a ransomware attack. The gaming material includes a game board depicting the organization’s infrastructure under attack, incident cards representing the ransomware and incident response actions, and a structured way to model the response on a response board, typically on a whiteboard.

The game board also displays the relationship between the critical infrastructure provider and its external IT providers. The ransomware makes its move (simulated by the game master), the players define their incident response actions and note them on the incident response board, and the game master evaluates the effectiveness of these actions and determines the next move of the simulated ransomware. A highly modular game design allows customization for specific IT and OT infrastructure and organization designs, industries, and incident scenarios.

CopyCat

CopyCat

CopyCat is an exciting digital card game that immerses players in the world of cyber security. During the game, you will learn key defences to protect against attacks on your data in the software supply chain.

Experience the thrill of navigating through 12 carefully crafted attack scenarios, each inspired by the cybersecurity kill chain. Get ready to hone your cyber defence skills in a fun and interactive way!

DuckDebugger

DuckDebugger

The DuckDebugger is a Serious Game targeted at software developers, meant to enhance current security code review practices. With over 31 exercises covering 6 programming languages, the game aims to bring awareness about the limitations of automated security scanning (i.e. false negatives and false positives) and to empower developers in producing secure code contributions to digital products.
For every exercise: a player receives a snippet tainted with common software weaknesses (i.e. from CWE Top25 and OWASP Top10) and their job is to perform a security-centric code review.

Help is provided in the form of findings from SAST tools and a security review checklist. Upon finding at least 50% of the findings (this threshold was determined as adequately challenging in prior research), the user receives the full solution to the snippet, in the form of the full expected security review, together with mentions on negative security implications of individual weaknesses.

Hack dich nicht!

Hack dich nicht!

The serious game ‘Hack dich nicht’ simulates a ransomware attack on a transnational supply chain and challenges players to maintain logistical processes despite massive disruptions. In the role of a logistics company, they must make strategic decisions to minimise the impact of the cyberattack and strengthen their resilience. With the help of playing cards – including ‘attack cards’, ‘resource cards’ and ‘defence cards’ – they implement defensive measures and optimise their processes so as not to jeopardise operations.

The playing field harbours unforeseeable threats that require quick action and effective crisis management strategies. Through this interactive learning format, the game conveys the importance of cyber security in logistics in a practical way and sensitises players to the challenges of modern supply chains.

Count2zero

Count2zero

The escape game ‘count2zero’ was developed to raise awareness of cyber security. It is played in a bomb shelter equipped with IoT components, robots and digital assistance systems. Teams consisting of a maximum of five players are confronted with various puzzles that must be solved one after the other in order to escape the room. When solving the puzzles, players must be careful not to violate any IT security guidelines.

Each of the puzzles mirrors a situation that may occur in general service operations and provides an opportunity to learn about cyber security risks and how to use devices safely. Players must adhere to security guidelines, rash actions can quickly lead to an avoidable IT security breach as the clock ticks down. Teamwork is just as important as thinking outside the box. Count2zero is an immersive escape game with a high fun factor and inspiring, educational puzzles.

Digital Detectives

Digital Detectives

“Digital Detectives” – A Serious Game for Different Target Audiences and Learning Needs

The world of digital forensics offers exciting opportunities, now made accessible through the Serious Game “Digital Detectives.” Two versions of the game target different audiences and provide tailored learning experiences.

Version 1: An Introduction for Young IT Talents

The first version of “Digital Detectives” is specifically designed for students and young IT enthusiasts who want to explore the basics of digital forensics in a playful way. The goal is to raise awareness of the challenges and opportunities in cybersecurity and inspire potential talents for this promising field.

With an intuitive and accessible design, even beginners without prior knowledge can step into the role of a digital investigator. This version has been successfully released on an open-source platform and tested in studies. The results show high motivation and enthusiasm among the target group for topics such as cyberattacks, evidence collection, and suspect identification.

Version 2: In-Depth Insights for Students and Professionals

For a more advanced audience – students and professionals in IT security – the second version of “Digital Detectives”offers a deeper and more practical learning experience. It focuses on applying tools for data recovery and cyber analysis, creating a stronger connection to real-world practice.

This version includes more complex scenarios and also addresses employees without technical expertise, helping them raise their awareness of cybersecurity threats. By combining gamification with practical content, the game promotes interactive learning and the direct application of acquired knowledge.

One Game – Two Approaches

Both versions of “Digital Detectives” are fully developed, publicly available, and have been successfully evaluated. They demonstrate how Serious Games can engage both beginners and advanced users in the challenges of digital forensics while imparting valuable knowledge.

Interested players can try the games and participate in further testing and evaluation rounds:

  • Version for students and young IT enthusiasts: Play now
  • Version for students and professionals:  
    Play now

With “Digital Detectives,” cybersecurity becomes an interactive and educational experience – tailored to different audiences and learning levels.

A question of security

A question of security” – A serious game about ransomware

The ransomware registers on a personal mobile device that is used for business and private purposes. Now good advice is expensive. What to do? This is the starting point of “A Question of Security”, an analog serious game for three to eight players.

You learn to ask the right questions in an entertaining way. With a bit of luck and a sure instinct, at the end of the game you will not only have restored your ability to work but also played through your personal emergency plan for such situations.