November 17, 2024

Serious Game To Understand Hacking Workflows

Author: Eliane Alhadeff
Go to Source

Image credit: X-Hacker game by Trideum

X-Hacker, developed by Trideum, was selected as a finalist in the 2019 Serious Games Showcase and Challenge in the Business/Nonprofit Category.

X-Hacker is a Serious Game about Cyber Security/Warfare. The game introduces cyber terminology to players in context and with purpose. It gives players practice in finding vulnerabilities such as unpatched or outdated platforms. Its value proposition is to provide a context for players to think from a different perspective, to imagine the motivations, goals and methods of actual hackers, so that they better understand how to take preventative measures in protecting their digital information.

Trideum primarily consider DoD employees in need of basic cybersecurity training as their target audience. But they think commercial businesses might have interest in training their employees to be aware of cyber threats as well. The play testing did include 12-year olds to gauge usability and engagement, but the primary audience are adults employed at a business that has a network.

One of the highlights of the game is the User Interface and playful hacking workflows, which provide a better learning experience than other similar games. X-Hacker is indeed engaging and fun and is most successful in introducing cyber terminology to users in context and with purpose. Look forward to playing the promised future advanced levels the developers have planned but not yet implemented, where users can learn tactics and strategy for their own ethical hacks.

Gameplay
In the game, you have been recruited into the underground world of hacking. Choose your hacker name carefully, in case the small-time hacks that get you started lead to political and military disruptions that land you on the cover of Wired magazine. With X-Hacker anyone can learn how to be stealthy, discover vulnerabilities, and exploit digital systems. Only the patient and highly skilled will manage to penetrate fully secured networks while dynamically improving cyber defenses. 

Start with simple, open-source tools deployed against businesses without firewalls, and eventually build your own payloads, customized to targets you discover after careful intel gathering. The X-Hacker digital board game style experience allows you to assume the role of your adversary. It is strategic fun that teaches you basic cyber terminology and conceptual models. The experiments with hacking workflows will ultimately improve defensive strategies on your real-world networks or hone skills for white hat or ethical hacker cyber attacks.

Image credit: X-Hacker game by Trideum
The player must complete hacking goals in order to advance to the next level. Within levels the game measures time on task as an indicator of expertise. The game is built on a framework that could also collect a variety of metrics such as optimal hacking path or the period a player remained stealthy.

For level one, the challenge is to connect to a target network, discover what devices and files are there and which are vulnerable, and then exploit those vulnerabilities. The game goal is a successful hack under time pressure. The real educational goal is to learn terminology and what you can do to protect your own devices and networks. In future advanced levels the developers have planned but not yet implemented, users such as military cyber forces can learn tactics and strategy for their own ethical hacks.

Image credit: X-Hacker game by Trideum

Feedback/Player Reward System

A player’s visibility into a target network expands as a reward for using the right tools, and contracts when making bad choices. Player’s success probability for a hack increases when they make good choices, such as matching the right payload to the right vulnerability. 

About Trideum

Founded in 2005, Trideum Corporation is a privately owned and operated small business headquartered in Huntsville, Alabama. Trideum specializes in providing solutions and services in the area of test and evaluation, modeling and simulation, systems analysis, and information technology.

Go to Source