1. Phish Or Legit
Fast email judgment
Players review short email scenarios and classify them by sender, link, tone, attachment, and authentication clues.
Mini-Game Arcade
A creative catalog for turning security judgment into safe play.
Use this page to review the proposed mini-games before we build them. Each idea is defensive, browser-safe, and designed to teach evidence, prioritization, communication, or workflow judgment without scanning real systems.
Build First
Best first playable batch
These are the strongest first releases because they match existing Vuln Signal content and can be implemented with local data, no risky live testing, and clear replay value. The expanded catalog below adds board, timeline, chain, card, budget, map, and mobile-style mechanics.
2. Patch Panic
Prioritize under pressure
Players drag limited patch capacity across CVEs while balancing KEV, EPSS, exposure, business impact, rollback risk, and fixed-version availability.
3. CVE Courtroom
Argue with evidence
Players decide whether a claim is proven, not proven, or needs validation, then rewrite risky language into safe operational wording.
4. Scanner Finding Trial
Validate noisy findings
Players inspect scanner output, vendor notes, version clues, backports, feature state, and exposure before accepting or closing a finding.
5. Executive Brief Boss Fight
Communicate without overclaiming
Players convert messy vulnerability details into a concise leader update with owners, blockers, caveats, and next-review timing.
Shared Backend Catalog
What the site and Android app can both read
Loading game API status.
Category
Difficulty
Catalog
Mini-games grouped by the skill they train
Awareness
Phish Or Legit
Goal: classify suspicious emails. Mechanic: reveal clues one at a time, then decide. Score: accuracy, clue discipline, and safe explanation.
Awareness
Inbox Impostor
Goal: spot brand impersonation. Mechanic: compare display name, sender domain, reply-to, link target, and pressure language. Score: false-positive control and escalation choice.
Awareness
QR Trap
Goal: choose safe QR-code behavior. Mechanic: inspect context, requested action, destination clue, and alternative verification path. Score: verification before trust.
Awareness
MFA Fatigue Defender
Goal: respond to repeated login prompts. Mechanic: choose actions across push spam, password reset, account lock, and reporting. Score: containment speed and communication.
Operations
Patch Panic
Goal: allocate limited patch windows. Mechanic: rank work by exploitation, exposure, asset value, rollback risk, and fix confidence. Score: priority quality and unused-risk reduction.
Operations
Mitigation Match
Goal: pick temporary controls when patching is blocked. Mechanic: match WAF, segmentation, disablement, monitoring, or access restriction to scenario constraints. Score: control fit and review timing.
Operations
SLA Sprint
Goal: choose response deadlines. Mechanic: inspect exploit maturity, exposure, confidence, safety, and business impact. Score: deadline realism and caveat quality.
Operations
No-Patch Navigator
Goal: handle unavailable or risky fixes. Mechanic: choose monitor, mitigate, vendor escalation, exception, or owner validation. Score: keeping risk owned and time-bounded.
Evidence
CVE Courtroom
Goal: separate proven claims from assumptions. Mechanic: review exhibits and rule on exposure, exploitation, affected scope, or remediation claims. Score: proof discipline.
Evidence
Scanner Finding Trial
Goal: validate or reject scanner output. Mechanic: inspect plugin text, product version, package lineage, backport notes, and owner evidence. Score: false-positive handling.
Evidence
Signal Sorter Rush
Goal: classify fast-moving vulnerability clues. Mechanic: drop cards into exploitation, exposure, remediation, trust, and business-context lanes. Score: speed plus category accuracy.
Evidence
Backport Detective
Goal: avoid bad affected-version conclusions. Mechanic: compare upstream versions, distro advisories, package changelogs, and scanner assumptions. Score: correct closure evidence.
Threat Intel
KEV Or Hype
Goal: interpret exploitation signals correctly. Mechanic: compare KEV, EPSS, PoC, vendor language, and public chatter. Score: urgency without overclaiming local exposure.
Threat Intel
Exploit Chain Builder
Goal: understand prerequisite chains. Mechanic: assemble initial access, auth state, vulnerable component, execution, and impact cards. Score: realistic chain logic.
Threat Intel
IOC Triage Table
Goal: decide what belongs in detection. Mechanic: classify domains, hashes, paths, URLs, and behaviors as useful, noisy, or unsafe to trust. Score: detection value and caveats.
Threat Intel
Vendor Advisory Escape Room
Goal: extract the actionable path from advisory text. Mechanic: unlock fixed version, prerequisites, affected platforms, mitigations, and escalation questions. Score: complete advisory read.
Communication
Executive Brief Boss Fight
Goal: write a safe update under pressure. Mechanic: pick facts, caveats, owners, blockers, and asks while avoiding unsupported claims. Score: clarity and claim safety.
Communication
Ticket Surgeon
Goal: repair vague vulnerability tickets. Mechanic: add affected proof, owner ask, action lane, due date, rollback note, and validation evidence. Score: ticket executability.
Communication
Escalation Ladder Climb
Goal: choose the right owner. Mechanic: route cases to SOC, IR, patch, vendor, risk, legal, or leadership with a reason. Score: routing precision and next step.
Communication
Closure Stamp
Goal: close work without pretending more than the evidence supports. Mechanic: choose patched, mitigated, not affected, accepted risk, false positive, or pending evidence. Score: closure quality.
Design Rules
How the games should feel
Use seeded scenarios, public concepts, local scoring, and clear defensive framing.
Rotate short cases, constraints, fake companies, score modifiers, and feedback prompts.
Each round should produce a decision, handoff, ticket, brief, detection note, or evidence checklist.
Prefer cards, segmented choices, drag alternatives, and short feedback that works in the Android WebView.
Recommended build order: start with Phish Or Legit, Patch Panic, CVE Courtroom, Scanner Finding Trial, and Executive Brief Boss Fight. Then add mitigation, ticket, escalation, and advisory games once the scoring pattern is proven.