惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
V
V2EX
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
小众软件
小众软件
A
Arctic Wolf
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
G
GRAHAM CLULEY
罗磊的独立博客
T
Tor Project blog
C
Cisco Blogs
美团技术团队
博客园 - Franky
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
Cyberwarzone
Cyberwarzone
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Latest
Security Latest
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
Spread Privacy
Spread Privacy
J
Java Code Geeks
C
CERT Recently Published Vulnerability Notes
大猫的无限游戏
大猫的无限游戏
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
阮一峰的网络日志
阮一峰的网络日志
雷峰网
雷峰网
Project Zero
Project Zero

TrustedSec

CMMC is (Not) Cancelled Pandora’s Container Part 1: Unpacking Azure Container Security Vulnify: Giving Your Agents a CVE Brain Welcoming ObfusGit Inheriting the Receipts: Securing the AI Your Company Already Adopted Large Workflows with Local LLMs Modern Web Application Content Discovery JQ for Hackers JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants Hardening Intune: The Implementation Guide How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking… The Privileged Roles Nobody Talks About CMMC Conditional Status - Contracting Without Compliance PCI DSS, Telephone Payments, and the Problems With VoIP Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for… Finding Your Way on the Passkey Path Slamming the Door on Quick Assist Tech Support Scams and Abuse GRC in an AI World - Staying in the Fast Lane Without Losing the Race! The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the… ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution… Kerberos with Titanis Mythos, Memory Loss, and the Part InfoSec Keeps Missing Benchmarking Self-Hosted LLMs for Offensive Security IAM the Captain Now – Hijacking Azure Identity Access Building a Detection Foundation: Part 5 - Correlation in Practice Reduce Repetition and Free up Time With Mobile File Extractor Policy as Code: Stop Writing Policies and Start Compiling Them Building a Detection Foundation: Part 4 - Sysmon Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found Better Together: Combining Automation and Manual Testing LnkMeMaybe - A Review of CVE-2026-25185 Building a Detection Foundation: Part 3 - PowerShell and Script… Building a Detection Foundation: Part 2 - Windows Security Events
Dungeons and Daemons
Travis Kaun · 2026-04-16 · via TrustedSec

Roll for Initiative. Hack the Planet.

Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live engagement. Your mission: infiltrate a corporate facility, compromise the domain, exfiltrate the target data, and vanish—all before the clock runs out.

No simulations, no slides, just you, a D20, your backpack, and 30 minutes to prove you belong on the Red Team.

The Mission

AcmeCorp thinks their security is airtight, from physical access controls to network monitoring, a hardened Active Directory environment, and an isolated mainframe protecting their most sensitive asset. In this mission, you strategically navigate the environment and play your TTPs to avoid detection and eviction.

Clone a badge or talk your way past the guard. Plant a rogue device in the server room or social engineer your way to an executive escort. Kerberoast the domain or poison the wire. Every decision burns resources, shifts your detection profile, and reshapes the mission.     

There is no single path—there are dozens, and many of them end badly.

Figure 1 - Mission Contract

Choose Your Class

Pick from four (4) operator archetypes, each with a unique edge.

Figure 2 - Hacker Classes

Characters:

  • Exploit Mage - System attack specialist, +2 to system rolls, reduced hack cost on system techniques
  • Packet Rogue - Network warfare expert, +2 to network rolls, moves quieter on the wire
  • Social Knight - Human-layer operator, +2 to social rolls, smoother under pressure
  • Intrusion Barbarian - Physical access specialist, +2 to physical rolls, brute-force entry with finesse

Your class shapes how you play, but the dice decide if you survive.

Elite TTPs

Every operator starts with a backpack of single-use exploit Cards: RFID cloners, lockpick shims, burner phones, and a few surprises. Play one at the right moment to bypass a roll, boost your odds, or bail yourself out of a bad situation. Once you burn a card, it’s gone.

Figure 3 - Exploit Cards

Hack the Roll

Skill checks run on a D20, but this isn’t pure luck. When your roll comes up short, a Buffer Overflow meter kicks in: a moving target on a timing bar where you tap at the right moment to hack your own roll. Nail the green zone for +3. Clip yellow for +1. Miss and you get nothing. It’s part reflex, part nerve, and it can mean the difference between domain admin and game over.

Figure 4 - Buffer Overflow Exploit

The Stakes

Your Stealth bar is your lifeline; if you hit zero, the blue team finds you. Your Hack capacity fuels every technique and slowly regenerates; if you burn it too fast, you’re locked out when it matters most.

Mini-Games

Not every challenge is settled by the dice. Scattered throughout the mission are hands-on hacking mini-games, skill-based encounters that put your reflexes and pattern recognition to the test.

  • Hash Cracker - Decode password hashes against the clock by matching character patterns before time runs out.
  • Packet Sniffer - Intercept data packets flowing across the wire by tapping at exactly the right moment to capture them.
  • Frogger Evasion - Navigate through a grid of patrolling guards and security cameras to reach your objective undetected.
Figure 5 - Mini Games

Each mini-game appears at key decision points in the story. If you succeed, you advance with a tactical advantage, but if you fail, you'll feel the consequences—lost stealth, burned resources, or a harder path forward.

Consultant Mindset

Dungeons & Daemons was built by the team at TrustedSec—real attack paths and real techniques wrapped in a tabletop RPG you can play in your browser whether you’re warming up for an engagement, onboarding new operators, or just looking for something to play at the next conference. Join the TrustedSec Discord server, #dungeons-and-daemons, to chat with other players and stay informed of future updates.

Grab your backpack. Roll the dice. See if you have what it takes to hack AcmeCorp.