Skip to main content

Shostack + Friends Blog

Posts in category “games”

Threat Modeling Gameplay with Eop

You should get the Threat Modeling Gameplay book, now available! (12 Aug 2024)

Miro Threat Modeling Template for EoP

A Miro template for Elevation of Privilege (10 Nov 2022)

Elevation of Defenses

Using games to help us explore engineering techniques (15 Mar 2022)

Elevation of Privilege: New Cards for 2022

Holy cow, we’ve added new cards to Elevation of Privilege! (20 Jan 2022)

Lessons Learned: Playing Elevation of Privilege

We learn while we're having fun. Some takeaways from a recent play to learn session. (28 Sep 2021)

Threat Model Thursday: Games

For reasons I can't quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. (06 Feb 2020)

Enter the SpudNet

A new game to teach networking and security concepts. (15 Jan 2020)

Capture the Flag events and eSports

A breakdown of CTFs and eSports (11 Sep 2019)

The White Box Essays (Book Review)

A resource for those developing games. (10 Apr 2019)

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools. (17 Dec 2018)

Privacy Extension to Elevation of Privilege game

An extended version of Elevation of Privilege, now with Privacy. (17 Oct 2018)

Games and Cards

[no description provided] (16 Jul 2018)

Cyber Grand Shellphish

[no description provided] (24 Apr 2017)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Other Star Wars blog posts

Modeling attackers and their motives

Doing science with near misses

Posts about Adam’s “Threats” book

Posts about Adam’s “Threat Modeling” book

Posts about “The New School of Information Security” book

About this blog

Popular Blog Topics

Threat Model Thursday,
exploring specific published threat models

Threat Modeling (general topic)

Application Security

Software Engineering

Privacy + Personal Security

Research + Reports

Podcasts, Videos + Webinars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Recent posts

The Unanimous Declaration of the Thirteen United States of America

04 Jul 2025

When was the last time you looked over what our country was founded upon?

Appsec Roundup - June 2025

01 Jul 2025

Lots of fascinating threat model-related advances, new risk management tools, games, and more!

Google’s approach to AI Agents -- Threat Model Thursday

27 Jun 2025

What can we learn from Google’s approach to AI Agent Security

Publish your threat model!

16 Jun 2025

We think you should publish your threat model, and we’re publishing our arguments.

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.