Players Quick Start Guide

Welcome! Follow these steps to be ready for your first Malware & Monsters session in about 10 minutes.

Your First Session in 5 Steps

Skim what M&M is (2 min) — Read the opening of the Introduction to understand the vibe and goals.
Get a role (2 min) — Your IM assigns you a role in the game Incident Response Roles.
Open your role card (2 min) — Keep the matching card handy in Role Cards.
Join the scenario your IM opens (2 min) — Keep the scenario card handy and your role card open for quick reference.

This guide (for the steps)
Your Role Card and the Quick Reference
The current Scenario Card (your facilitator will share or you can open it from the link above)
Optional: a simple notepad to jot clues and actions

⚖️ First-Order Rules: The Minimum You Need to Play

The absolute essentials to start playing right now:

The Core Loop: The IM describes symptoms \rightarrow You take one action \rightarrow The IM describes the results and evolves the threat.
Success Mechanic: Simple actions succeed automatically. For complex actions, roll a d20. A 10 or higher usually succeeds.
Collaboration: When you work together with a teammate on an action, you get a +3 bonus or roll two dice and take the higher.
The Goal: Contain the threat (using your role’s expertise) before time runs out or the Malmon evolves.

Everything else – specific types, advanced modifiers, and complex strategies – you’ll learn through discovery during the game.

Detective (Cyber Sleuth): Find clues, connect evidence, build the timeline.
Protector (Digital Guardian): Contain the threat and keep systems running.
Tracker (Data Whisperer): Watch the network, follow data flows, block exfil.
Communicator (People Whisperer): Coordinate people, translate impact, manage stakeholders.
Crisis Manager (Incident Commander): Set priorities, allocate resources, keep the team moving.
Threat Hunter (Pattern Seeker): Hunt hidden threats, anticipate next moves, use intel.

See full details in Role Cards and the Quick Reference.