'PeriHack': Designing a Serious Game for Cybersecurity Awareness

TL;DR

PeriHack is a board and card game designed to educate students on cybersecurity concepts by simulating attacker-defender scenarios, resource constraints, and vulnerability exploitation in an engaging way.

Contribution

This paper introduces PeriHack, a novel serious game that combines technical and social engineering aspects for cybersecurity education, with a focus on resource management and strategic decision-making.

Findings

Engages students in cybersecurity concepts through gameplay

Simulates real-world attack and defense scenarios

Provides an accessible educational tool for cybersecurity awareness

Abstract

This paper describes the design process for the cybersecurity serious game 'PeriHack'. Publicly released under a CC (BY-NC-SA) license, PeriHack is a board and card game for two players or teams that simulates the struggle between a red team (attackers) and a blue team (defenders). The game requires players to explore a sample network looking for vulnerabilities and then chain different attacks to exploit possible weaknesses of different nature, which may include both technical and social engineering exploits. At the same time, it also simulates budget level constraints for the blue team by providing limited resources to evaluate and prioritize different critical vulnerabilities. The game is discussed via the lenses of the AGE and 6-11 Frameworks and was primarily designed as a learning tool for students in the cybersecurity and technology related fields.