Malware & Monsters
Scenario Templates
These templates provide reusable frameworks for creating custom scenarios.

Session Prep Frameworks
5-Minute Scenario Card Preparation
New IM 30-Minute Scenario Card Preparation

Question-Driven Discovery
Discovery Phase Question Bank
Investigation Phase Question Bank
Response Phase Question Bank
Emergency Questions for Stuck Groups

Real-Time Facilitation
Technical Gap Protocols
M&M Scenario Card Template
Story-Driven Preparation Workflow