Welcome to the first iteration of our Backdoors & Breaches, an Incident Response Card Game, from Black Hills Information Security and Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.

We know this card game will continue to improve and evolve over time based on your feedback and by being played and modified by the infosec community. We have a few expansion packs planned for 2020. 

We’re excited for you to play and learn from the game!

Below you will find our directions on how to play, but we know you’ll hack and customize the deck of cards to fit your own needs for you and your team or students.

How To Play!

download and print a pdf version of “how to play”

52 Unique Cards:

  • (10) Initial Compromise
  • (8) Pivot and Escalate
  • (8) Persistence
  • (6) C2 and Exfil
  • (10) Procedures
  • (10) Injects

Example Cards:

Example Backdoors & Breaches Cards

It takes four cards to build an incident, one from each attack category.
(Initial Compromise, Pivot and Escalate, Persistence, and C2 and Exfil)
3,840 Incident Scenarios

Where to get a deck?

Here is our schedule for releasing the Backdoors & Breaches Core Decks so you know where, how, and when to get one for yourself.




  • Randomly selected Early Requestors will receive (1) core deck each – 200 decks


  • We will be preparing for a public release of the game.


  • Public Storefront (TBD) – Price (TBD)
  • Shmoocon – 700 decks


  • 2nd Wave – 100 Educators

Free Network Threat Hunting Training:

Active Countermeasures has produced six-hours of introductory Network Threat Hunting Training for you to learn the basics of threat hunting tools, techniques, and procedures. Free to anyone that registers online: https://www.activecountermeasures.com/thunt/

Early Requests:

We are providing (14) free Backdoors & Breaches Core Decks to educators who teach information security. If this is you, please request (14) core decks for your classroom.

If you are an individual looking for a core deck for yourself and/or organization, fill out the individual request form and we’ll add you to the list for upcoming information.

Questions? Found an error or typo? Contact deb @ blackhillsinfosec dot com