top of page
mr.cruxss_a_kraken_wrapped_around_a_pirate_ship_underwater_hand_39847ca8-ead3-4748-b634-f2

Play The Demo

Step into a Small Municipal Water System and play a full round of Cyber Realm in your browser. No Download, no account. Defend against real attack cards, hold the line, and learn the cyber kill chain and NIST defense framework by playing it. 

launchdemo.png

A Real Game, Right in your browser

The demo runs the live Cyber Realm ruleset against an arena-style board. The same play mat, cards, and resource system from the tabletop game, rebuilt to play solo or to learn the flow before you open a physical deck. 

01

02

03

04

Allocate resources each turn and spend them to deploy attacks, tools, and defenses.

Chain cards across the kill chain to push an attack through to its objective.

Cyber Lesson callouts explain the real tactic behind every card as you play it.

Runs on any modern browser — desktop or tablet. Nothing to install.

Every Attack Follows the cyber kill chain

Cyber Realm is built on the real Cyber Kill Chain. Each card belongs to a phase, and winning means moving an attack cleanly from one link to the next while your opponent tries to break the chain. The demo walks you through it step by step. 

Recon

Scout the target. Reveal hidden assets, configs, and weak points. 

e.g. Port Scanner

Industrial Control Systems (20).png

Weaponize

Build the payload. Hide malware in a trusted file or tool

e.g. Password Cracker

Industrial Control Systems (21).png

Delivery

Get it across the wire. Phishing, fake logins, the human seam.

e.g. Unsecured Access

Exploit

Fire the exploit. Execute code on the target asset. 

e.g. Cred Attack

Install

Plant persistence so the foothold survives the turn. 

e.g. RAT

Command & Control

Open a channel home. Relay orders past the firewall. 

e.g. C2 Communication

Actions on Objectives

Act on the goal. Exfiltrate, disrupt, or hold the asset. 

e.g. System Outage

Blue Team Runs the NIST Framework

Where the attacker works the cyber kill chain, the defender works the NIST Cybersecurity Framework. Five functions that turn scattered controls into a strategy. Your Detect, Protect, and Respond cards each live in one of these, and a strong defense covers all five. 

Industrial Control Systems (15).png

Identify

Know what you're defending. Wells, pumps, SCADA, and the connections between them

e.g. Asset Discovery

Industrial Control Systems (16).png

Protect

Know what you're defending. Wells, pumps, SCADA, and the connections between them

e.g. Firewall Rule 

Detect

Know what you're defending. Wells, pumps, SCADA, and the connections between them

e.g. Network Monitor

Respond

Know what you're defending. Wells, pumps, SCADA, and the connections between them

e.g. PCAP Analysis

Recover

Know what you're defending. Wells, pumps, SCADA, and the connections between them

e.g. Backup

mr.cruxss_a_siren_underwater_singing_luring_in_pirates_into_the_46a458af-9e4d-4cce-be88-e7

The board at a glance

Red Team stages attacks up top, Blue Team holds the line below, and the utility's assets sit contested in the middle. Two meters device the match: the SCP Tracker and Utility Impact.

Untitled design (13).jpg

System Control Points

The defender's running score control coverage banked across the NIST functions. Climb it by standing up defenses; it's the measure of how locked-down the utility is when the next attack lands.

SCP Tracker

Damage to the water Service

Every attack that reaches an asset pushes Impact up green to amber to red. Let it max out and the utility fails and Red Team wins; Recover cards are how Blue Team walks it back down.

Utility Impact

mr_edited.jpg

The Board is live. Take your first turn.

Launch the demo, play a round, and come back for a physical deck when you're hooked. 

© 2024 CruXSS. Cyber Realm is an independent educational/training card game. All trademarks and brand names are the property of their respective owners. Use of such names is for educational purposes only and does not imply affiliation or endorsement by any tool or company.

Shipping & Returns

Terms & Conditions

bottom of page