It's 3 AM. You're a Tier-1 SOC analyst on your first night shift. The SIEM is loud, your boss is louder, and somewhere in the network, an attacker is already inside.

Marcus from the day shift has your back on the chat. He knows the systems, knows the playbook, and has seen everything you're about to see — twice.


What you'll do

  • Triage 30 real-world SOC alerts across three night shifts. Every alert is a real MITRE ATT&CK technique pulled from real incidents — encoded PowerShell, lolbins, lateral movement, credential dumping, the whole catalog.
  • Make one of four decisions per alert: ALLOW, BLOCK, ESCALATE, or INVESTIGATE further (which costs you time but reveals hidden fields).
  • Listen to your mentor. Marcus chats you through the first night and gradually pulls back. He's funny, he's kind, he knows the systems better than anyone.
  • Read the corporate cringe when you over-block. Yes, the marketing team will email you. No, the CEO does not appreciate you blocking his "totally legitimate side project" in PowerShell.

Three endings — one playthrough

How early you spot the truth determines how the night ends. Some players catch on by alert #3. Some catch on by night three. Some never catch on, and that's when things get… interesting.

After the ending, a review screen walks you through every decision you made — your action vs. the correct action, with MITRE technique references and explanations. So whether or not you noticed, you'll learn.

Made for

  • SOC analysts who want to laugh at their own profession
  • Anyone curious what cybersecurity work actually looks like on the inside
  • Players of Papers Please, Orwell, Hacknet, or any thinking-genre game
  • Anyone who likes story-driven puzzle horror with three layers of misdirection

Real techniques, real references

Built around MITRE ATT&CK, with detection logic inspired by Sigma rules and attack patterns from Atomic Red Team. Process names, command-line flags, and Windows / Sysmon Event IDs are drawn from real incident reports. (IOC values are mocked — no actual malicious data is used.)

This is a game, not professional training. But you might learn something anyway.

Controls

  • Mouse: click decision buttons, click chat, click anywhere to dismiss popups
  • Keyboard (optional): A / B / E / I for the four actions, Enter to advance
  • Browser: works in any modern browser. Best on desktop / laptop. Sound recommended — Marcus types, the SIEM beeps, and night three has something you'll want to hear.

How long is a session?

About 10–15 minutes for one full playthrough. Maybe 25 if you investigate everything. You'll probably want to play it twice.

A note on accuracy

If you're in InfoSec and you spot something I got wrong — please tell me in the comments. The point is to be authentic, and I'd rather fix a flag value than have a SOC analyst roll their eyes at it.

Disclaimer

This is a work of fiction. All organizations, employees, incidents, and CEOs in kimonos depicted are fabricated. Any resemblance to real breaches is depressingly likely.


"He was already inside."

Updated: 1 day ago
Published: 18 days ago
Status: Released
Platforms: HTML5
Release date: 18 days ago
Rating: 5.0 out of 5 stars (1 total rating)
Author: sucky_charm
Genre: Simulation, Educational
Tags: cybersecurity, Hacking, mitre, Multiple Endings, Narrative, soc-simulator, Story Rich, terminal, Working Simulator
Average session: A few minutes
Languages: English
Inputs: Keyboard, Mouse, Touchscreen
AI Disclosure: AI Assisted, Code
