2. THE STORY SO FAR
Fuzzbuts.com is an up-and-coming cat picture aggregator site. Their application allows users to search for cat pictures by cat color, breed, size, and sassiness.
Fuzzbuts’ claim is that their Deep Purring algorithm harnesses the ability of real cats to recognize and hate each other to allow for excellent feline sorting and discrimination that rivals a Google search.
Fuzzbuts has a security budget of yes, but a small dev team and a corporate mandate that all IS spending must be done by consensus.
Fuzzbuts’ CEO is Billi Kottur, a woman not known for her social graces.
3. THE OTHER PLAYERS
Minotaur Security Concern – Fuzzbuts is concerned about someone getting their proprietary data and stealing their algorithm. In a fit of good sense, they have hired the Minotaur Security Concern.
MSC’s goal is to find the most likely attack vector or vectors and report back to Fuzzbuts.
MSC’s budget is moderate.
4. The Power Borkers – Generally thought to be a bunch of script kitties living in a basement somewhere, these folks have nonetheless made a name for themselves by using the OWASP Top 10 as a shopping list to get into information and systems and monetize their findings.
The Power Borkers’ goal is to make money, and they think that Fuzzbuts may be a good target. Their budget is nearly non-existent, but they are unhampered by little concerns like the law.
5. Fuzzbutts.com – Were you wondering where that second “t” was? Fuzzbutts.com has a . . . very different business model than fuzzbuts.com, but you can see where someone might get them confused.
Felix Margarita, CEO of Fuzzbutts.com, certainly thought so, but the U.S. District Court for the Ninth Circuit disagreed, and Felix lost a mint on his unsuccessful trademark suit against fuzzbuts.com. Fuzzbuts CEO Billi Kottur was not a graceful winner, and after that one-two punch, Felix is looking for payback.
Fuzzbutts.com’s goal is to damage the finances, reputation, and general happiness of Billi Kottur. Their budget isn’t yes, but is definitely maybe.
7. BLUE TEAM RULES
• A “move” is a discrete step that Fuzzbuts will take to harden their systems before an attack.
• Fuzzbuts gets three moves.
• Fuzzbuts players will confer in a separate Teams chat and will DM me their three moves when they are ready to go on to the next phase of the game.
• Any move taken by Fuzzbuts must be agreed to unanimously by all Fuzzbuts players.
• For this game, assume your budget is yes but your timeframe for making changes is up to one month prior to the first red team attack.
8. RED TEAM RULES
• Minotaur, the Power Borkers, and Fuzzbutts.com are each a separate red team.
• Each red team gets one move.
• Each “move” is a discrete step that each red team will take to further their goal.
• Each red team will split into a separate Teams chat and will DM me their move when they are ready to go on to the next phase of the game.
• For this game, red teams can assume up to one year’s worth of planning time prior to making their attack and can use any resources that would be reasonable for an organization of their type.
9. ENDGAME
• Both sides will present their moves publicly, blue first, then red.
• The GM will adjudicate those moves based on their feasibility, appropriateness, and the teams’ arguments.
• Don’t fight the scenario, don’t be a sore winner or loser.
10. AFTERMATH
• What worked?
• What didn’t?
• What would you like to see more of?
• What would you like to see less of?
• How was the timeframe?
• Did this feel like a game?
• Would this be useful to clients?