Malware & Monsters
🏠 Home
📖 Players Handbook
🎯 IM Handbook
👥 Community
❓ FAQ
📧 Contact
🔒 Data Policy
📚 Glossary
📥 Downloads
📱 HTML (Offline)
📖 Players Handbook (HTML)
🎯 IM Handbook (HTML)
📄 PDF Files
📖 Players Handbook (PDF)
🎯 IM Handbook (PDF)
🎯 IM Handbook
0. Facilitation Philosophy
1. Sly Flourish Principles
2. Session Preparation
3. Comprehensive Scenario Types Guide
4. Malmon System Mastery
5. Role-Based Team Facilitation
6. Managing the Progression System
7. Containment Mechanics
8. Technical Foundation
9. Running Sessions
10. Practical Facilitation Techniques
11. Session Management
12. Advanced Troubleshooting
13. Advanced Scenarios
14. Community Tournaments
🎭 Role Cards
🔍 Detective - Cyber Sleuth
🛡️ Protector - Digital Guardian
📡 Tracker - Network Analyst
📢 Communicator - Stakeholder Liaison
⚡ Crisis Manager - Incident Commander
🎯 Threat Hunter - Proactive Defender
🧬 Malmon Cards
🔥 Contemporary Malmons
GaboonGrabber: The First Malmon
WannaCry: The Global Pandemic
🕰️ Stuxnet: The Digital Weapon
Raspberry Robin: The USB Propagator
Noodle RAT: The Fileless Ghost
LitterDrifter: The Geopolitical Wanderer
FakeBat: The Software Masquerader
WireLurker: The Cross-Platform Bridge
LockBit: The Ransomware Empire
📜 Legacy Malmons
Code Red: The Internet Worm 🕰️
Gh0st RAT: The Remote Control Specialist 🕰️
PoisonIvy: The Classic Remote Control 🕰️
🦠 Scenario Cards
Code Red
Code Red Scenario: University Technology Services Crisis (2001)
Code Red Historical Case Study: University Infrastructure During 2001 Internet Worm Outbreak
Code Red Scenario: Department of Public Services Crisis
Department of Public Services: Government Infrastructure Under Attack During Tax Season
Code Red Scenario: Cloud Infrastructure Mass Exploitation
CloudCore Solutions: Multi-Tenant SaaS Platform During Automated Worm Propagation
Code Red Scenario: Web Hosting Company Crisis
NetHost Solutions: Web Infrastructure Crisis During E-Commerce Peak Season
Code Red Scenario: State University System Crisis
State University System: Web Infrastructure Crisis During Fall Registration
Code Red Scenario: E-commerce Platform Crisis
ShopCore Technologies: E-Commerce Infrastructure Crisis During Black Friday Weekend
Fakebat
FakeBat Scenario: Freelancer Coworking Space
Innovation Hub: Professional Community Multi-Tenant Crisis
FakeBat Scenario: Nonprofit Organization Deception
Community Outreach Foundation: Charitable Mission Crisis During Fundraising Gala
FakeBat Scenario: Gaming Cafe Network Infection
Level Up Gaming Cafe: Public Entertainment Venue During Championship Tournament
FakeBat Scenario: Small Business Software Trap
Creative Solutions Studio: Agency Survival During Major Client Pitch
Gaboon Grabber
GaboonGrabber Scenario: RegionalBank Compliance Crisis
RegionalBank: Community Banking Under Federal Oversight During Compliance Crisis
GaboonGrabber Scenario: StateU Financial Aid Crisis
StateU: Public University Financial Aid Crisis During Disbursement Deadline
GaboonGrabber Scenario: SteelCorp Manufacturing Crisis
SteelCorp Manufacturing: Industrial Processor During Critical Contract Delivery
GaboonGrabber Scenario: Healthcare Implementation Crisis
MedTech Solutions: Healthcare Implementation Crisis During Hospital Go-Live
Ghost Rat
Ghost RAT Scenario: Corporate Espionage Network Discovery (2008)
Pacific Trade Solutions: Discovering Nation-State Espionage in 2008
Ghost Rat Scenario: Metropolitan Research University Theft
Metropolitan Research University: Academic IP Theft During Publication Deadline
Ghost Rat Scenario: Meridian Capital Management Espionage
Meridian Capital Management: Investment Firm During Merger Announcement Week
Ghost Rat Scenario: Blackstone & Associates Surveillance
Blackstone & Associates: Attorney-Client Privilege Under Remote Surveillance
Gh0st RAT Scenario: Advanced Corporate Espionage Campaign
InnovaTech Dynamics: Government Contractor Crisis During Security Clearance Review
Ghost Rat Scenario: Titan Defense Systems Surveillance
Titan Defense Systems: Classified Weapons Crisis During Delivery Deadline
Litter Drifter
Litter Drifter Scenario: International Aid Organization
Global Relief Alliance: Humanitarian NGO Facing Intelligence Collection During Crisis Response
Litter Drifter Scenario: Ministry of Digital Infrastructure
Ministry of Digital Infrastructure: Ukrainian Government Under Nation-State Espionage
Litter Drifter Scenario: News Media Network
Independent Chronicle: Press Freedom Under Nation-State Surveillance
Litter Drifter Scenario: Aegis Defense Systems Espionage
Aegis Defense Systems: Military Contract Crisis During Reconnaissance System Delivery
Lockbit
LockBit Scenario: Global Logistics Crisis
Organizational Context
LockBit Scenario: Municipality Payroll Crisis
Organizational Context
LockBit Scenario: Sterling Legal Group Merger Crisis
Sterling Legal Group: Law Firm During Critical Merger Closing
LockBit Scenario: Cedar Valley Medical Center Crisis
Cedar Valley Medical Center: Major Hospital Facing Data Theft Ransomware
Noodle Rat
Noodle Rat Scenario: Tech Unicorn Algorithm Theft
Organizational Context
Noodle Rat Scenario: Aerospace Engineering Espionage
SkyTech Aerospace: Defense Contractor Under Fileless Espionage
Noodle Rat Scenario: Investment Bank Trading Floor
Capital Markets International: Trading Floor Crisis During Market Volatility Peak
Noodle Rat Scenario: Biotech Research Surveillance
BioGenesis Labs: Pharmaceutical Research Company Facing FDA Submission During Research Theft
Poison Ivy
Poison Ivy Scenario: Remote Access Discovery Timeline (2005)
Organizational Context
Poison Ivy Scenario: Wealth Management Partners Surveillance
Wealth Management Partners: Investment Advisory During Quarterly Client Review Period
Poison Ivy Scenario: Supply Chain Software Infiltration
Organizational Context
Poison Ivy Scenario: Law Enforcement Surveillance
Metro Police Department: Law Enforcement During Major Organized Crime Investigation
Poison Ivy Scenario: Corporate Espionage Campaign
InnovateTech Solutions: AI Software Company Facing Product Launch Espionage
Poison Ivy Scenario: Medical Practice Patient Data
Riverside Medical Group: Multi-Specialty Practice Facing HIPAA Audit During Patient Data Breach
Raspberry Robin
Raspberry Robin Scenario: Precision Manufacturing Corp Outbreak
Precision Manufacturing Corp: Aerospace Parts Production During Critical Contract Delivery
Raspberry Robin Scenario: State Department of Revenue Breach
State Department of Revenue: Government Agency During Tax Season Peak Operations
Raspberry Robin Scenario: Healthcare Network USB Outbreak
Regional Health System: Multi-Hospital Network During USB-Driven Workflows
Raspberry Robin Scenario: Community First Bank Network
Community First Bank: Regional Banking Network During USB-Driven Transaction Processing
Stuxnet
Stuxnet Scenario: Power Plant Maintenance Window
Columbia River Power Station: Nuclear Facility Crisis During Maintenance Deadline
Stuxnet Scenario: Nuclear Engineering Corporation Crisis (2010)
Organizational Context
Stuxnet Scenario: Research Facility Milestone
Organizational Context
Stuxnet Scenario: Smart Grid Infrastructure Sabotage
Organizational Context
Stuxnet Scenario: Water Treatment SCADA Deployment
Metro Water Authority: Critical Infrastructure Under EPA Compliance Deadline
Stuxnet Scenario: TechCore Semiconductors Defense Contract
TechCore Semiconductors: Defense Manufacturing Under National Security Deadline Pressure
Wannacry
WannaCry Scenario: Transportation Peak Season
TransGlobal Logistics: Supply Chain Crisis During Holiday Peak Season
WannaCry Scenario: Municipality Payroll Crisis
Springfield City Government: Municipal Operations During Quarterly Payroll Processing
WannaCry Scenario: Morrison & Associates Case Crisis
Morrison & Associates: Class-Action Litigation Under Court Filing Deadline Crisis
WannaCry Scenario: Memorial Health System Emergency
Memorial Health System: Regional Hospital During Peak Flu Season
Wire Lurker
WireLurker Scenario: Tech Startup Development Environment
Organizational Context
WireLurker Scenario: Media Company Cross-Device Infection
Organizational Context
WireLurker Scenario: Educational Technology Cross-Platform Breach
EduTech Solutions: Student Data Crisis During School District Deployment
WireLurker Scenario: Design Agency Cross-Platform Outbreak
Creative Studios Inc: Design Agency Facing Cross-Platform Creative Work Theft
📚 Walkthroughs & Examples
Legacy Malmon Facilitation Examples
Complete Sessions
GaboonGrabber Complete Session Walkthrough
Stuxnet Strategic Response Walkthrough
WannaCry Crisis Management Walkthrough
Problem Scenarios
Expert-Dominated Group Problem Scenario
Lost Group Recovery Scenario
Silent Group Problem Scenario
🚀 Getting Started
IM Quick Start Guide
Quick Demo Template
New IM 30-Minute Scenario Card Preparation
🛠️ IM Tools & Templates
Practical Tools & Resources
Session Scripts
Closing Script and Debrief
Opening Script for New IMs
Round Transition Scripts
Question Banks
Discovery Phase Question Bank
Emergency Questions for Stuck Groups
Investigation Phase Question Bank
Response Phase Question Bank
Preparation Templates
5-Minute Scenario Card Preparation
Advanced Challenge Template
Game Configuration Worksheet
Full Game Template
Game Configuration Guide
IM Session Prep Worksheet
Legacy Malmon Prep Guide
Lunch & Learn Template
New IM 30-Minute Scenario Card Preparation
NPC Development Guide
Organizational Context Library
IM Player Assessment Sheet
Quick Demo Template
M&M Scenario Card Template
Scenario Templates
Story-Driven Preparation Workflow
Scenario Walkthroughs
Reference Materials
📋 IM Resources & References
Emergency Facilitation Protocols
Role Cards Reference for Incident Masters
On this page
Scenario Templates
Session Prep Frameworks
Question-Driven Discovery
Real-Time Facilitation
Edit this page
View source
Report an issue
Scenario Templates
These templates provide reusable frameworks for creating custom scenarios.
Session Prep Frameworks
5-Minute Scenario Card Preparation
New IM 30-Minute Scenario Card Preparation
Question-Driven Discovery
Discovery Phase Question Bank
Investigation Phase Question Bank
Response Phase Question Bank
Emergency Questions for Stuck Groups
Real-Time Facilitation
Technical Gap Protocols
M&M Scenario Card Template
Story-Driven Preparation Workflow