Open source security education

Turn cyber risk into a game your team can actually play.

B0rks is a printable card game and facilitation toolkit for teaching threat modeling, realistic attacks, and practical mitigations through friendly competition.

Download on GitHub See how it plays
25
attack cards
5
kill-chain stages
100
points to win
Attack

Broken Authentication Flow

A realistic threat blocks progress until the target team designs a credible mitigation.

Mitigation

Concrete Controls Win

Players write specific design, process, or policy changes to clear active attacks.

Progress

Secure the System

Advance only when your team has no active attacks.

Built from MITRE ATT&CK MITRE D3FEND OWASP Top 10 Cyber Kill Chain

How it works

Play, defend, debrief.

B0rks adapts the race-game feel of Mille Bornes into a security workshop. Teams attack each other with plausible software threats, then defend their own systems with mitigation cards the table can evaluate.

01

Attack

Play realistic threat cards on another team and explain how they could affect a typical project.

02

Mitigate

Write a concrete control or practice that reduces the active risk, then defend your reasoning.

03

Advance

When no active attacks remain, play progress cards and race toward 100 security points.

Learning path

Five stages of practical security thinking.

1

The Fog of War

Reconnaissance vs. threat intelligence

2

The Threshold

Breach vs. access control

3

The Hunt

Infiltration vs. detection

4

The Silent Siege

Takeover vs. endpoint response

5

The Reckoning

Credibility vs. coordinated response

Great for workshops, retreats, classrooms, and onboarding.

  • Teach security vocabulary through active play.
  • Practice threat modeling without a dry lecture.
  • Collect attack/mitigation pairs for a real after-game debrief.
  • Adapt the generated decks to your domain or audience.

For facilitators

Learning outcomes that survive the game.

Every round asks players to connect an attack to a realistic system and propose an implementable mitigation. The result is a collaborative security exercise that surfaces risks, tradeoffs, and improvement ideas.

Open source

Generate, customize, and improve the deck.

The B0rks project includes a command-line deck generator, schema-driven stages, and source data integrations so security educators can inspect the content and tailor it to their needs.

task install
./bin/b0rk deck generate
./bin/b0rk deck --random generate
./bin/b0rk deck --output deck.yaml generate

Ready to b0rk better?

Bring hands-on security education to your next team session.

Get B0rks