How to Play NodeBreach
NodeBreach is a real-infrastructure cyber operations platform. You spin up actual Linux nodes, build attack decks, capture flags, and battle other operators — all inside a living geopolitical world.
The Core Loop
Everything in NodeBreach flows from four actions:
Deploy a Node
Spin up a real Linux container in your chosen country. Your node is your base — it hosts your flags and runs your tools.
Equip a Deck
Assign a card deck to your node. Your deck is the set of attack and defense moves you can play in battles on that node.
Capture Flags
Hunt vulnerabilities on your own node or attack others to capture their flags. Each flag earns points and fuels progression.
Battle Operators
Challenge other players to card-driven battles. Your deck vs. theirs — strategy, timing, and card synergies decide who wins.
Nodes
Nodes are real Docker containers running on NodeBreach's infrastructure. Each node has its own IP, SSH access, installed tools, vulnerabilities, and flags. They're not simulations — commands you run actually execute inside a live Linux environment.
SSH + Web Terminal
Full shell access from your browser or any SSH client.
Desktop (VNC)
Desktop nodes include a full GUI via browser-based VNC.
Hacking Tools
Install nmap, sqlmap, hydra, gobuster, and more from the tool store.
Flags
Each node has rotating flags hidden in vulnerabilities. Find and submit them for points.
Assigned Deck
One deck per node. The deck determines which cards you play in battles on this node.
Tip: You can own multiple nodes across different countries. Expanding your territory earns influence and makes it harder for enemies to reach your core assets.
Decks & Cards
Decks are your loadout for combat. Each deck holds up to 20 cards split across three sections. When you start a battle, you draw from your deck and play cards to attack, defend, or create tactical advantages.
Deck Rules
Max 20 Cards
A deck can hold up to 20 cards total across all sections. Each card can appear up to 3× in a deck.
Must include Attack
Every deck must have at least one red (attack) or purple (recon) card. Pure defense decks are not valid.
Must include Defense
Every deck must have at least one blue (defense) card. You cannot attack without being able to defend.
Card Sections
Attack cards — exploits, scans, intrusion attempts. These deal damage and disable the defender's services.
Countermeasure cards — firewalls, patches, honeypots. These protect your node and counter incoming attacks.
Utility cards — recon, resource generation, tactical plays. These support either side depending on context.
One Deck Per Node
Each node can have exactly one deck assigned. That deck is the one used in all battles fought on that node.
- When you create a node, your active deck is assigned automatically.
- You can swap the deck from the node's detail page at any time outside of an active battle.
- Assigning a deck to one node removes it from any other node it was on — a deck can only defend one position at a time.
- You can own and build as many decks as you like — but only one per node is ever active.
Flags
Flags are the primary currency of skill in NodeBreach. A flag is a secret token hidden inside a vulnerability on a node. Finding it requires actually exploiting the vulnerability — not guessing or brute-forcing the format.
Find a vulnerability
Use nmap, gobuster, nikto, or other tools to identify exposed services and weaknesses on a target node.
Exploit it
Exploit the vulnerability using your tools or a battle card. The flag lives inside the exploited service.
Submit the flag
Copy the flag token (format: NODEBREACH{...}) and submit it using the Submit Flag button in the top bar.
Earn points
Each unique flag earns you tokens and XP. Flags rotate every 4 hours — stale flags stop working, keeping things fresh.
Battles
Battles are real-time card-driven PvP matches between two operators. You challenge another player's node — your attacking deck faces their defending deck. Rounds are timed. Strategy and card synergies decide the outcome.
How a Battle Works
Challenge
Select a target node on the map and send a battle invite. They have a time limit to accept.
Decks lock in
Once accepted, both players' assigned decks are locked for the match. No swapping mid-battle.
Rounds
Each round you play one card from your hand. The attacker plays an offensive card; the defender counters with a defensive card. Effects resolve simultaneously.
HP
Both sides have HP. Uncountered attacks drain the target's HP. Successful defenses absorb damage. The battle ends when HP hits 0 or the round limit is reached.
Outcome
The winner earns tokens and XP scaled to difficulty, speed, and phases completed. Capture enough flags from a node through regular play and you can launch a conquest battle to take ownership of it entirely.
Battle Rules
Each round has a strict server-enforced timer. Missing consecutive turns triggers an auto-forfeit.
Decks are locked at battle start. You cannot swap cards or change decks mid-match.
You cannot attack a node that is already in an active battle.
A node under attack cannot be stopped or destroyed by its owner until the battle resolves.
The Living World
NodeBreach isn't a static environment. The world evolves with or without you. APT factions spread across countries, infect infrastructure, and generate contracts. Seasons bring story-driven events with boss encounters, unique cards, and narrative missions delivered by your Handler.
APT Infections
Threat actors actively compromise infrastructure on the world map. Nodes in infected countries face elevated attack traffic and special vulnerabilities.
Seasons & Events
Seasonal operations give you a narrative mission arc with escalating phases, unique rewards, and a community finale boss.
Your Handler
An AI handler sends you encrypted mission briefings, threat intelligence, and narrative updates based on your activity and the season's story.
Territory Control
Factions and operators compete for country influence. Holding territory earns ongoing bonuses and puts you on the world leaderboard.
Request early access.
NodeBreach is in controlled early access. Join the waitlist and we'll reach out when a spot opens — we're prioritising security professionals, students, and educators first.
You're on the list.
We'll be in touch when your access is ready. Keep an eye on your inbox.