Back to Quest Board
🟢

The Siege of a Thousand Arrows

Distributed Denial of Service Attack
P2 — High

An unrelenting barrage of dark energy hammers against your fortress gates. Wave after wave of phantom warriors assault your realm's defences, seeking not to breach the walls but to ensure no one may pass through them. As the siege intensifies, your subjects are locked out and the enemy's true purpose may be more sinister than it appears.

45 minutes
DC 13
3 Injects
4–12 Players

Compliance Frameworks

NIST CSF PR.PT ISO 27001 A.13 PRA SS1/21

🛡️ Roles & Party Members

War Chief Required
Incident Commander

Leads the response team, coordinates technical and business response

Arcane Engineer Required
IT Operations Lead

Manages network infrastructure, coordinates with ISP and DDoS mitigation provider

Shadow Watcher Required
SOC Analyst

Analyses attack traffic patterns, monitors for secondary attacks masked by the DDoS

Keeper of the Contingency Required
Business Continuity Manager

Manages service degradation, activates fallback channels for client services

Town Crier Optional
Communications Lead

Manages external communications, social media response, client notifications

Herald of the Realm Optional
Client Relations

Handles client escalations, manages relationship impact assessment

High Council Elder Optional
Senior Management

Provides executive decision authority, manages regulatory communication

⚡ Inject Timeline

1
The First Volley — Walls Under Siege
T+0 Minutes

It is 10:30 UTC on a Thursday — the bank's busiest day for online transactions. The Network Operations Centre (NOC) detects a sudden and massive spike in inbound traffic to the bank's internet-facin...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
2
The Hidden Dagger — A Second Front Opens
T+20 Minutes

Two hours into the DDoS attack, the SOC identifies something deeply concerning. While the entire security team has been focused on the volumetric attack and service restoration, a separate alert from ...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
3
The Reckoning — Counting the Cost
T+35 Minutes

The DDoS attack has subsided after 8 hours. The network intrusion has been contained. The immediate crisis is over, but the bank must now deal with the consequences. Key issues requiring resolution: ...

6 Discussion Prompts 1 Dice Events 4 Possible Complications

📋 Debrief Questions

Post-Battle Assessment
  1. Was the DDoS mitigation strategy adequate? Should protection be always-on?
  2. How effectively did the team identify the secondary intrusion behind the DDoS smokescreen?
  3. Were vulnerability management processes and patching timelines adequate?
  4. How was the decision made regarding the ransom demand? Was the process clear?
  5. Were client communication and service recovery handled effectively?
  6. What architectural changes would improve resilience against multi-vector attacks?