An interactive tabletop exercise application for testing cybersecurity incident response plans.
Based on the NCSC New Zealand "Rolls & Responders" framework (Creative Commons Attribution 4.0 NZ).
🎮 Try it live | 📦 Download Latest Release
- Dual-View Architecture: Separate facilitator console and player display that sync via localStorage
- Scenario Library: 6 scenarios including 3 NCSC NZ official scenarios + 3 2025 real-world incident scenarios
- Multi-Language Support: Full English and French translations
- D20 Dice System: Advantage/Disadvantage mechanics for action resolution
- Dynamic Injects: Facilitator can trigger unexpected events during gameplay
- Cross-Tab Sync: Open in multiple windows for simultaneous facilitator/player views
Visit https://joris-decombe.github.io/rolls-and-responders-app/
Open in two browser windows:
- Window 1: Select "Facilitator Console"
- Window 2: Select "Player Display" (project on shared screen)
```bash
# Install dependencies
npm install
# Start development server
npm run dev
```
Open http://localhost:5173 in two browser windows as above.
Download the latest release and serve the dist/ folder with any static web server.
The facilitator view shows hidden background information, controls game flow, triggers injects, and manages dice rolls.
The player view shows only public information - current phase, event logs, and dice results.
D20-based action resolution with advantage/disadvantage mechanics.
Facilitators can trigger unexpected events during gameplay.
Code: 4452 Paid stressor service hired by criminals for Bitcoin extortion. Tests availability response and stakeholder communication.
Code: 1456 Security tester USB attack on admin laptop. Tests backup recovery and incident disclosure.
Code: 6244 Misconfigured access keys lead to PII exfiltration. Tests data breach response and media handling.
Code: 1461 AI-driven Business Email Compromise using deepfake video technology. Based on the 2024 Arup Hong Kong incident where $25M was fraudulently transferred via deepfake video conference call. Tests detection of AI-generated media and social engineering response.
Code: 3164 Software supply chain attack via NPM/PyPI typosquatting. Based on XZ Utils backdoor (CVE-2024-3094) and Polyfill.io compromise. Tests secure development practices and supply chain security.
Code: 5126 VMware ESXi/Hyper-V hypervisor-level ransomware with double extortion tactics. Based on ESXiArgs and Akira ransomware campaigns (2024). Tests critical infrastructure response and backup strategy at the virtualization layer.
- Choose a scenario on the landing page
- Facilitator: Controls game flow, sees hidden information, triggers injects
- Players: Discuss actions as a team, roll dice for outcomes
- Difficulty: Facilitator sets (Routine 5+, Challenging 10+, Hard 15+)
- Advance: Click "Next Turn" to progress through phases
- Normal: Roll 1 D20
- Advantage: Roll 2 D20, take higher (team has resources/help)
- Disadvantage: Roll 2 D20, take lower (fatigued/under pressure)
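To help a facilitator calibrate difficulty, the sketch below resolves one action and enumerates the exact success odds for each roll mode against the three thresholds. It is an added example, not code from this app: the function names are hypothetical, and it assumes "10+" means a kept roll of 10 or higher succeeds.

```javascript
// Added example: rollD20, keep, resolveAction and successOdds are illustrative
// names, not the app's source. Assumes "N+" means a kept roll >= N succeeds.
const DIFFICULTY = { routine: 5, challenging: 10, hard: 15 };

// rng returns a float in [0, 1); injectable so a session's rolls can be replayed.
function rollD20(rng = Math.random) {
  return Math.floor(rng() * 20) + 1;
}

// Advantage keeps the higher of two dice, disadvantage the lower.
function keep(mode, a, b) {
  if (mode === "advantage") return Math.max(a, b);
  if (mode === "disadvantage") return Math.min(a, b);
  throw new Error(`unknown mode: ${mode}`);
}

// Resolve a single action: roll, keep one die, compare with the threshold.
function resolveAction(mode, difficulty, rng = Math.random) {
  const target = DIFFICULTY[difficulty];
  if (target === undefined) throw new Error(`unknown difficulty: ${difficulty}`);
  if (mode === "normal") {
    const r = rollD20(rng);
    return { rolls: [r], kept: r, target, success: r >= target };
  }
  const rolls = [rollD20(rng), rollD20(rng)];
  const kept = keep(mode, rolls[0], rolls[1]);
  return { rolls, kept, target, success: kept >= target };
}

// Exact odds by counting every outcome (20 for one die, 400 for two).
function successOdds(mode, difficulty) {
  const target = DIFFICULTY[difficulty];
  if (target === undefined) throw new Error(`unknown difficulty: ${difficulty}`);
  let wins = 0, outcomes = 0;
  for (let a = 1; a <= 20; a++) {
    if (mode === "normal") { outcomes++; if (a >= target) wins++; continue; }
    for (let b = 1; b <= 20; b++) {
      outcomes++;
      if (keep(mode, a, b) >= target) wins++;
    }
  }
  return { wins, outcomes, percent: (100 * wins) / outcomes };
}

for (const d of Object.keys(DIFFICULTY)) {
  for (const m of ["normal", "advantage", "disadvantage"]) {
    const o = successOdds(m, d);
    console.log(`${d.padEnd(12)} ${m.padEnd(13)} ${o.wins}/${o.outcomes} (${o.percent.toFixed(2)}%)`);
  }
}
```

The table it prints shows how strongly the mode shifts a Hard check: disadvantage leaves the team with 36 winning outcomes out of 400, while advantage gives 204.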
- React 19
- Vite
- Tailwind CSS 4
- lucide-react icons
Scenarios and mechanics from NCSC NZ Rolls & Responders:
- Facilitator Manual V1.1
- Game Manual V1
- Quick Guides
Official Resources:
Original concept by Kate Pearce & TradeMe NZ via NZITF.
This application is based on NCSC NZ Rolls & Responders, licensed under Creative Commons Attribution 4.0 New Zealand.
We welcome contributions! See CONTRIBUTING.md for guidelines on:
- Adding new scenarios
- Updating screenshots
- Development setup
- Code style
See CLAUDE.md for architecture details and development guidelines.




