CTD Card Game

MITRE Booster

The MITRE Corporation focuses on solving problems for a safer world through public-private partnerships to tackle challenges to the safety, stability, and wellbeing of the nation. They have pioneered innovative technologies that touch people’s lives, such as GPS, the ATT&CK knowledge base of cyber adversary tactics, and the commercial airline Traffic Collision Avoidance System.

The booster pack’s rare “MITRE ATT&CK” card highlights their globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Other uncommon cards featured in this deck include the “Resource Hijacking” attack card and “Boot Integrity” defense card.

Released July 2020

Discontinued End of 2021

Technical intelligence gathering includes, but is not limited to, understanding the target’s network architecture, IP space, network services, email format and security procedures.

When played, add each of your opponent’s Assets and Defenses and subtract the two. The difference will be the number of cards they discard from the top of their deck to a maximum of 4. Discard this card at the end of the round.

Perform audits or scans of systems, permissions, insecure software and insecure configurations to identify potential weaknesses.

Return an Asset – System card you have in play to your hand. For each other Defense you have in play, you may select 1 card in your hand and place it on the bottom of your deck and draw a card. Shuffle your deck and discard this card at the end of the round.

Adversaries may leverage the resources of co-opted systems in order to use the resources. This may impact system and/or hosted service availability.

Select an opponent’s System or Server Asset card. Your opponent does not earn any points for that Asset. For each point that Asset would have gained, your opponent loses that many points. Discard this card after 1 round.

A computer that a business provides for its employees to use at work and that can be taken home.

Gain 1 point at the end of the round. As long as you have an Asset – Personnel or a Defense – Personnel card in play, gain 1 additional point.

Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Example resources include websites, email services and web-based applications.

Select an Attack – Denial card you have in play and return it to your hand. All of your opponent’s System and Server Assets gain 0 points. Firewall does not affect this card. Discard this card at the end of the round.

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics that allows defenders to better understand attackers and be able to spot them more easily.

While in play, if you have 3 Defense cards, you may play one extra card during your turn. If you have no other Defense cards in play, discard this card. If a Denial card is affecting you, this card’s effect can’t be used. You may only have 1 of this card in play.

Adversaries use internal spear phishing to gain additional information or to exploit users within the organization after gaining access to accounts or systems within the environment.

This attack can only be played if a Malware card is affecting your opponent or if your opponent has a Personnel card in play. If both requirements are met, remove 3 points this round. Otherwise, remove 2 points. Discard this card after 2 rounds.

Hyperjacking is an attack in which an adversary takes malicious control over the hypervisor that creates the virtual environment within a virtual machine (VM) host.

Attach this card to an Attack – Malware card you have in play. If the Malware card is discarded, place it fourth from the top of your deck and discard this card instead.

Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation.

Select an opponent’s Asset – System card that is in play. If that Asset is removed, discard this card. Each time your opponent plays an Asset or Defense card, select one card in their hand to view. Your opponent loses 1 point at the end of each round.

When flood volumes exceed the capacity of the network connection, it is necessary to intercept the incoming traffic to filter out the attack traffic from the legitimate traffic. Such defenses can be provided by the hosting Internet Service Provider (ISP).

Search your deck for a Firewall card. Place it in your hand and shuffle your deck. For each ISP that you have in play, gain 1 point to a maximum of 3 points. Discard this card at the end of the round.

Credential access allows adversaries to control an account on the network, and makes it harder for defenders to detect the adversary.

Select an Attack – Hack card you control. If that card would discard itself after “x” rounds, instead leave it in play until removed by other means.

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms. This can be accomplished with a Trusted Platform Module (TPM), which is a specialized chip on an endpoint device that stores specific encryption keys.

Discard any attack targeting one of your Assets that isn’t a Personnel or Service Provider. Gain 1 point and discard this card at the end of the round.