Linux PC Mac Steam
Genre: Simulator, Strategy, Indie

ThreatGen: Red vs. Blue

1.10.4 Release Notes

Version 1.10.4 was released quickly after 1.10.3 to provide needed hotfixes. We were also able to add a few more feature improvements. This is expected to be the last minor update before 1.11 ships with some exciting upgrades!

Version 1.10.4 Release Notes

Fixes

• RVB1-1084 Internal Vulnerability Assessment has the requirement of implementing Asset Inventory
• RVB1-1083 Internal Penetration Test has a requirement of doing at least one vulnerability assessment beforehand
• RVB1-1078 Can't gather forensics on denials
• RVB1-1076 Missing space between sentences in "Rogue Device Detected!" notification
• RVB1-1071 Condition checkers need to be reinitialized after scenario playback
• RVB1-1070 Backing up a compromised asset and restoring it gives more TI for the same compromise
• RVB1-898 TTX - Loading a scenario that uses the base maps will cause the game to use that scenario every time the map is selected (incognito-only)
• RVB1-602 Some close buttons on BT have red borders

Features and Upgrades

• RVB1-1086 Increase chance of new vulnerabilities when patching
• RVB1-1081 Added visual animation to start screen background, wiki, and notifications dialogues
• RVB1-1080 Improved UI visuals (enhanced color vibrancy/saturation)
• RVB1-1073 Remove Asset Inventory prereq from any action that uses it
• RVB1-1072 TTX - Suppress notifications during scenario playback
• RVB1-1067 Persistence research now buffs Install Ransomware and Disruptive Malware
• RVB1-1066 BT Vuln assessment accelerates patch availability
• RVB1-963 Asset Inventory Updates (can discover rogue device and is multi-playable)
• RVB1-962 Rogue Device updates (acts as remote pivot and IDS discoverability lowered)
• RVB1-936 TTX Scenario-based notification: Trigger notification when all RT control is removed

1.10.3 Release Notes

While we prepare for our big 1.11 release, we have been working diligently on regular fixes and minor upgrades!

Version 1.10.3 Release Notes

Fixes

• RVB1-1037 Typo in "PNL dropped to 25%" notification
• RVB1-1034 Malicious USB Created notification text still has the old location listed (as next to the end turn button)
• RVB1-1030 SCADA HMI on MFG should have the IP address of the field zone after segmentation
• RVB1-1026 ICS Security Monitoring doesn't monitor switches when played before segmentation
• RVB1-1024 Password Attack doesn't contribute to 10 hack bonus
• RVB1-1022 Weak Password and Default Credentials vulns sometimes show up with the "no patch available yet" state
• RVB1-1017 RT AI actions shouldn't know which unknown assets to target
• RVB1-1015 AI Crack Ransomware Key action is still targeted
• RVB1-1011 Missing localization text in the disconnect message whenever RT leaves online multiplayer games
• RVB1-1010 No message about the other player exiting the game is being displayed in online multiplayer games
• RVB1-1003 Hire New Staff can't be stacked using the action tree and the action toolbar
• RVB1-1002 Physical Security skill not considered for RT change location actions
• RVB1-1000 Crack Ransomware Key is targeted, yet it unlocks every locked device on the map if it succeeds
• RVB1-998 Vulnerability Assessment, Penetration Test, Internal Vulnerability Assessment and Internal Penetration Test finish successfully in IR mode
• RVB1-995 IR mode can be deactivated with disconnected assets if they are disconnected earlier than the Deactivate IR action is used within the same turn
• RVB1-988 Need to mute SFX during scenario loading
• RVB1-985 Missing click sound effects
• RVB1-984 Victory music is played after RT gives up in a singleplayer game
• RVB1-979 Fix Budget Defender Milestone
• RVB1-909 Old password dialogue pops up when the game can't contact the server (start screen)

Features and Upgrades

• RVB1-1036 Update scenario scene loading graphics
• RVB1-1035 Add PnL and Ransomware notifications to the general levels
• RVB1-1023 Turn off passive revenue recovery while in IR mode
• RVB1-1020 Account-based game parameters from global-based
• RVB1-1012 Add 16:10 Aspect Ratio Support in Game Scene (via “I” and “+” buttons switch)
• RVB1-1009 TTX Scenario-specific mission text
• RVB1-1008 RT AI Profile: PnL
• RVB1-1007 RT AI Profile: Email
• RVB1-1006 RT AI Profile: General Social Engineering
• RVB1-1005 RT AI Profile: Cyber
• RVB1-1004 RT AI Profile: Physical
• RVB1-996 Set RT resource cost of End Campaign to 0
• RVB1-994 Enable the Hire New Staff action to be used multiple times within the same turn
• RVB1-991 Add controlled assets to restore points
• RVB1-990 Hide score during scenarios
• RVB1-978 Remove "Outdated Software" Vulnerability
• RVB1-977 Make the game start in Network View by default
• RVB1-972 Add RT control cleared win condition to scenario dialogue
• RVB1-969 Change RT minimum point requirement to 1
• RVB1-935 Allow for notifications to trigger based on PnL value
• RVB1-923 Update the "Upgrade Rig" and "Recruit Hackers" actions (resource costs)
• RVB1-876 Implement ability to have different exploitation difficulty per vuln
• RVB1-858 Show undiscovered vulns in different color at end of game
• RVB1-794 Design and implement a better, more human-readable way to display endgame reports (HTML options added)
• Wiki updates to descriptions

1.10.2 Release Notes

While we prepare for our big 1.11 release, we have been working diligently on regular fixes and minor upgrades!

Version 1.10.2 Release Notes

Fixes

• RVB1-980 Mismatch between win condition in multiplayer games with the Blue Team Damaged Their Own Process win condition
• RVB1-976 Turning off Damage ICS Process win condition causes PnL win condition to silently turn off
• RVB1-959 ICS Security Monitoring is marked as already implemented when IR is activated a turn after it is queued, despite the fact that the action fails
• RVB1-956 Host scanning from the onsite pivot reveals hosts previously accessible to the rogue device once it is removed
• RVB1-954 BT can replace compromised assets that they don't know are compromised yet
• RVB1-953 "Prepare Covert Attack" action entry English error
• RVB1-951 Actions that cost money count as spent cash if the action is cancelled afterwards
• RVB1-950 Unable to enter IR mode with only a ransomware lock being discovered
• RVB1-947 ICS Security Monitoring is successful when finished in IR mode
• RVB1-946 Exfiltrate Data should not be available on IDS devices
• RVB1-944 LC&A has an incorrect, overtly long name on BT's action tree both in Japanese and Turkish
• RVB1-938 Restoring backups doesn't restore vulnerability detection and/or resolution statistics properly
• RVB1-932 RT will lose the information on the vulnerabilities an asset has if a backup is restored from before the turn the vulnerabilities were found
• RVB1-931 Restoring from backup doesn't affect detected and resolved incident count metrics
• RVB1-926 Assets can be portscanned and enumerated if their upstream asset is denied/disconnected
• RVB1-921 Last selected attack target is always available, even if the asset is disconnected or already compromised

Features and Upgrades

• RVB1-929 Boost Pilfer Data's buff to Electronic SE skill
• RVB1-924 Reenable the ability to queue actions when it's not your turn without reintroducing RVB1-743

The 1.10.2 Update is Now Live

We have been slacking on our update notifications and we apologize! Stay tuned for the release notes for 1.10.2 as well as the release notes for the ones we didn't post in the last few updates.

MAJOR UPDATE! Malware, Ransomware, Improved Incident Response, and More!



WHAT’S NEW?



This latest update represents a pivotal milestone for ThreatGEN® Red vs. Blue. All of the core features and mechanics are now in place for both the game version on Steam as well as the professional platform version. Moving forward, our development efforts will focus on enhancing the entire educational experience with eLearning content and curriculums that support the game, labs and challenges for training curriculums, and several built-in scenarios for incident response (IR) tabletop exercises. But more on all that in a bit. For now, what’s new in this latest update?

PROFIT & LOSS METER





Under the threat intelligence score meter, there is a new profit & loss meter. The profit & loss meter represents the financial and production status of the company in relation to cyber outages. When assets are out of service, infected with malware, or having data exfiltrated, the meter will trend downward toward red until the issues are remediated. The more important the asset, the faster the meter will move. When the meter remains in the red for too long, the Blue Team loses.

NEW RED TEAM WIN CONDITION:



COMPANY PRODUCTION COMPROMISED

This win condition is awarded when the blue team's production drops below a threshold for a set number of turns.

NEW RED TEAM ACTIONS AND STRATEGIES



MALWARE

Installing disruptive malware is one way to disrupt the productivity (profit and loss) of the Blue Team. The effects can be amplified by using the malware to exfiltrate data.

RANSOMWARE

Ransomware is another devastating tool in the Red Team’s arsenal, which represents one of the most concerning threats in recent times. Unless the Blue Team is lucky enough to have a restore point created prior to the initial compromise, the only recourse they have is to pay the ransom (which is very expensive), crack the ransomware encryption key (which is very difficult to do), or replace the asset. Ransomware is a two-step process. The Red Team must first install ransomware and then activate the ransomware.

NEW BLUE TEAM ACTIONS AND STRATEGIES



CREATING RESTORE POINTS

System backups are no longer a “one and done” action that improves your overall chances of cleaning a compromised asset. Now, the system backups action enables the ability to create restore points on each asset as a targeted action. When an asset is infected or compromised, the Blue Team can restore the asset to its last known restore point. However, if the last restore point was created after the system was infected or compromised, the asset will still be in the infected or compromised state.

IMPROVED INCIDENT RESPONSE (IR)

All IR actions have been organized into their own grouping in the action tree view and several new IR actions have been added to improve the overall IR simulation.




  • Restore from backup – As already mentioned the Blue Team can restore from backup if they have created a restore point on the affected asset.

  • Disconnect/reconnect the asset from the network – The Blue Team now has the ability to disconnect assets from the network (disconnect from upstream), effectively isolating them and cutting off further malicious activity. As such, the assets can also be reconnected to the network (reconnect to upstream).

  • Respond to ransomware infections – Ransomware infections present two additional and unique options. If you have the resources, you can pay the ransom to recover your infected systems. Or, if you have enough time and security skills training, you can attempt to crack the ransomware encryption key.

WHAT’S NEXT?



In the first quarter of 2022, we will be launching our complete ThreatGEN® Red vs. Blue portal, which is a single point of access to not only the Red vs. Blue gamification platform, but also includes a complete array of cybersecurity education material, eLearning courses, guides, resources, and incident response (IR) tabletop exercise support, all leveraging the ThreatGEN® Red vs. Blue gamification platform. In addition to on demand eLearning courses, the Q1 2022 launch will also feature tons of new Red vs. Blue gamification content such as scenarios and labs to support the included courses. Focus on enhancing the analytics and reporting features and dashboards will also be a high priority in early 2022.

For organizations wanting to use ThreatGEN® Red vs. Blue to support their IR tabletop exercises, the portal will include built in scenarios and eLearning content to support guided tabletop exercises ready to go “out of the box” without the need for extensive planning or even a facilitator or instructor.

For those of you wondering about upcoming DLC and expansions for the Red vs. Blue game version available on Steam... the answer is YES! Look for DLC for the Steam version by mid 2022 and a single player campaign planned to release later in the year!

Finally, with the existing Red vs. Blue tournament features, and new CTF capabilities on the way, 2022 will see the emergence of regularly scheduled ThreatGEN® Red vs. Blue public competitions and events! Be on the lookout for announcements soon!

Red vs. Blue Q2 2021 Update (Version 1.6) is Live!



The long-anticipated version 1.6 update is live, and it’s not just bug fixes! It is packed with features for improved player experience, replay value, and professional edition enhancements!

Leading the pack are new environments and content. Players are no longer limited to the same network environment every time they play. They can now select from 3 different environments, with more on the way soon (including non-ICS related environments)!



There is also a new mechanic with a new Blue Team win condition… threat intelligence! Gather forensic evidence in IR with a new action and increase your threat intelligence score. Increase your threat intelligence score high enough and your adversary (the Red Team) will be apprehended for a Blue Team victory! Speaking of score, the old score has been replaced by a ton of much more useful metrics and stats at the end of the game.



The UI has been updated to allow for playing actions, by category, directly from the network view interface.





The old Red Team research actions have been upgraded to a skill progression system for each vulnerability/exploit, allowing you more granularity to “specialize” your expertise.



The network connectivity simulation has been improved. Now, when devices that connect to other downstream devices, such as routers, switches, and firewalls, are in a denied/down state, connectivity to those downstream assets is also unavailable. Visually, the connection lines change from green to gray. This means the Red Team can’t scan them, can’t see them, and can’t use them as a pivot.



What’s in store for the Q3 2021 Updates?



The 1.6 update marked a major milestone that not only provided major visual and functional improvements, but also laid the foundation for some major upgrades, which will significantly improve long-term replay value. Here is some of what you can expect to see in this quarter’s updates from 1.6.1 through 1.7:


  • Level (network environment) selection will be available in multiplayer internet matches
  • A much-improved network play lobby that will show logged in users, user chat, and more game setting details in the available matches
  • Scenarios and challenges (levels with specific starting points and/or goals or win conditions)
  • A more dynamic computer AI opponent with several different tendencies and varying skill levels
  • New mechanics that track company profit/loss and reputation during incidents
  • Ransomware-based scenarios and mechanics
  • Additional IR communication actions for the Blue Team
  • Additional and more detailed ICS attack actions for the Red Team
  • More content and networks/levels to play
  • Downloadable content (DLC)… more details coming soon
  • And, as usual, we are always trying to improve the quality and value of the simulation experience with new actions, mechanics, adjustments, and other enhancements


Red vs. Blue Version 1.6 - Release notes



Bug Fixes


RVB1-287 BT IR music showing up during the game for the RT across a network game
RVB1-285 The gather forensics action button does not activate when all metrics are met to do so
RVB1-284 Game zooming in while scrolling when in the wiki
RVB1-282 No change in music for between normal mode and IR mode for the BT.
RVB1-281 Max turn limit and timer setting not persistent after playing a game and then exiting that game.
RVB1-280 There is no sound for the Targeting selection function when you choose a targeted action
RVB1-279 IR music plays over end of game music
RVB1-278 Multiple campaigns can be queued at the same time if the RT has enough resources
RVB1-275 The input field for a games seed in the settings menu does not take an entire seed number in game
RVB1-244 Access Cut Off notification still pops up even if you don't actually have any pivots
RVB1-230 Activate IR button doesn't work after refactor
RVB1-223 ActionQueueItem code has unlocalized text
RVB1-220 Detections reporting more than they should to analytics
RVB1-162 Mute not remaining persistent when set at start menu (again)
RVB1-158 Hold-scroll capabilities in scroll views not working properly
RVB1-143 Initializing the targeting selection and selecting a target are the same sounds

New Features


RVB1-286 Asset name generator
RVB1-270 End-game metrics
RVB1-269 Red Team Skills UI
RVB1-267 Re-work config/settings UI
RVB1-265 New Vulnerability UI
RVB1-263 Settings update
RVB1-262 New action menu (by category) in bottom UI
RVB1-261 Allow ending campaign by clicking on campaign status
RVB1-260 Show 0day vulns [Zero-Day] in the attack dialogue vuln drop down
RVB1-259 Show research level in vuln dialogue
RVB1-258 Mouse over help text
RVB1-257 Mini maps for network view zoom
RVB1-256 Non-targeted action buttons in UI
RVB1-253 Update remote user behavior if VPN is denied
RVB1-252 Redo game save/load state - developer feature
RVB1-251 Redo localization for Asset and Action
RVB1-248 Add zero day indication on vulns in Attack Dialogue
RVB1-247 Automate RemoteUserManager
RVB1-246 Move the mute preference to playerprefs rather than save it in the SO
RVB1-237 Create a downstream/upstream system for assets
RVB1-226 System for calculating cybersecurity and IR costs
RVB1-225 Create a Threat Intelligence win condition for BT
RVB1-209 Add categories to actions for analytics tracking
RVB1-196 Get volume sliders in settings and working
RVB1-178 AI Updates
RVB1-97 Restructure the way assets, zones, connectors, etc. work together to make it more modular and easier to customize
RVB1-92 Create multiple network diagrams (with different zones)
RVB1-87 RT skill level indicator, per vuln
RVB1-59 Additional Network Layouts

Red vs. Blue version 1.5 is now live!



The scheduled 1.5 turned out to be so big with so many features that we ended up having to split it up. So this 1.5 is the first half, focusing on player experience enhancements, and then in a few weeks we will release the other half as 1.6, focusing on replay value enhancements. Yes, we are completely skipping minor versions of 1.5 and going straight to 1.6!

So what's in the 1.5 update?

  1. Several minor bug fixes.
  2. Several minor visual enhancements.
  3. A LOT of visual and mechanical upgrades for a better user experience such as a new mechanic that allows you to click on assets and objects to play actions related to them instead of having to keep going back to the action menu every single time.
  4. The action queue doesn't open every single time you play an action now. Instead, it just gives you an indicator that there are items in the queue, and how many.
  5. The action queue now lets you know how many resources each action in the queue takes up.
  6. You can now click on the assets and the resource icons at the top left of your screen to play actions.
  7. More information is now attached to the assets such as host name, IP Address, MAC Address, and more. We did this for 2 reasons. The first is that it is setting up something much bigger coming later. Can't tell you what yet. But also, this provides more depth, especially for the Red Team, in terms of the value of information obtained at each phase of the Red Team discovery process. This also adds more depth to the Red Team process and strategy.
  8. All of the MAC addresses, network address, and host IP Addresses are generated dynamically at the start of the game.

What will be in the 1.6 update?

All of the new levels (networks), new actions, a new Blue Team win condition, and some new concepts are coming in 1.6. What are the new networks? We aren't saying yet. What are the new actions? We aren't saying yet, but some are ICS related, some are IR related, and some are general improvements. What are the new concepts? Hint: You will now have a threat intelligence score, a company revenue score, and more details in the end game screen such as how much you spent on cybersecurity, how much you spent on IR, and other stats. The new win condition will be based on gathering threat intelligence information during IR actions.

ThreatGEN® Red vs. Blue 90-Day Features Roadmap



Sugarland, Texas (April 6, 2021) – ThreatGEN, an OT cybersecurity firm and creator of the ThreatGEN® Red vs. Blue Cybersecurity Gamification platform, announced today their 90-Day and 2021 features roadmap. Having recently released an important foundational update (1.4.2) that implemented and upgraded necessary “back end” engine components, the stage is now set for a list of highly requested major features.

“Red vs. Blue has already proven to be a cybersecurity training and gamification pioneer and industry disruptor in so many ways. But the features we have set to launch this year really are going to take cybersecurity training to a whole new level,” said Clint Bodungen, ThreatGEN’s Co-founder, CEO, and ThreatGEN® Red vs. Blue creator. “This is a testament to the fantastic communication and cooperative relationship we have with our customers, players, and the growing Red vs. Blue community. They have all been instrumental in Red vs. Blue’s evolution and success,” he added.

90-Day Features Roadmap




  • Several new network environments/scenarios and win conditions – Previously, the game was played within a single network environment. There will now be multiple networks to choose from (or have one randomly selected), across several different industries with different win conditions.
  • Tabletop Exercise Module (Professional and Enterprise editions only) – Highly requested by our enterprise customers, this module will allow for a much more immersive, visual, and entertaining way to provide tabletop IR exercises.
  • Customizable environments (Enterprise edition only) – We can customize the in-game network environment to resemble our enterprise customers’ networks.
  • Level 2 analytics with additional learning objective-based performance metrics (Professional and Enterprise editions only) – Level 1 analytics introduced instructors and training managers to basic performance tracking using game data. Level 2 will provide a more detailed data set to analyze student/employee performance per session and/or over time using statistics tracking and learning objective-based metrics.
  • Downloadable post-game report (Professional and Enterprise editions only) – See side by side, turn by turn comparisons of the red team and blue team actions, as well as a performance analysis.
  • Android/iOS editions – Finally, play on Android and iOS mobile devices. We know this release has been delayed before, but there have been a couple of Google Play Store and Apple App Store hurdles.
  • Challenges (a.k.a. “side quests”), including in-game achievements, badges, and unlocks – Take a break from standard gameplay to complete challenges for achievement badges and unlock special features.
  • Labs (Professional and Enterprise editions only) – These labs will help exercise and measure performance across a variety of learning objectives outlined in cybersecurity curriculums.
  • New Actions for Red Team and Blue Team – Patch Management Server/Zone Patching, More granular ICS/OT Path (for improved ICS/OT learning), and more…


Remaining 2021 Features Roadmap (more details will be provided in subsequent, quarterly announcements)




  • A complete Strategy Guidebook (which also translates to real-world cybersecurity best practices and advice)
  • More technical features, actions, and mechanics for those that are looking for a more technical cybersecurity experience in their ThreatGEN® Red vs. Blue gamification
  • Computer AI difficulty levels
  • Single player campaigns
  • Save/Load games
  • Steam, Android, and iOS platform stats, achievements, and leaderboards
  • Fully automated CTF/tournament brackets (Professional, CTF, and Enterprise editions only)
  • Custom avatars
  • Improved network lobby
  • In-Game tutorial
  • In-game advisor
  • New Actions and Mechanics: Improved IR value for backups, Threat Intelligence, Dual Homed hosts, and more…
  • Machine learning-based analysis (more to come on this in a future announcement…)


Learn more at https://threatgen.com/threatgen-red-vs-blue-90-day-features-roadmap/

Red vs. Blue Update 1.4.2 is Live!

This update did feature minor visual enhancements and bug fixes, but most changes were on the back-end to prepare for major feature updates coming in 1.5 and later in 2021.

Overview of these changes:

Universal:

  • Several minor bug fixes (non-critical)
  • Minor visual enhancements
  • Major engine upgrade
  • Major networking infrastructure update
  • Major performance optimizations

Pro Edition:

  • Downloadable end-game report
  • Localization infrastructure in place
  • CTF/Tournament bracket integration

So, what’s in the updates to come? Keep an eye out for our next roadmap announcement, but here are a few hints:

  • Single player campaigns
  • New network environments and scenarios (various industries) - Pro and Education Editions Only
  • New actions and mechanics
  • Learning objectives and labs - Pro and Education Editions Only
  • eLearning courses - Pro and Education Editions Only
  • TABLETOP EXERCISE MODULE!! - Enterprise Edition Only

1.4.1 Hotfix


  • Minor visual updates
  • Minor non game impacting bug fixes
  • AI balancing adjustments