We published research at HCII 2024 on attacker-perspective cybersecurity awareness training — sharing the paper and the artifact
This entry describes published research on attacker-perspective cybersecurity awareness training presented at HCII 2024. The research introduces a web-based game called Masterm1nd that immerses users in attacker and victim roles across scenarios such as weak passwords, phishing, public Wi-Fi exfiltration, and malicious charging ports. A pilot study with 20 participants showed improved understanding, especially regarding malicious charging ports. The content is educational and research-focused rather than describing a vulnerability or active threat.
AI Analysis
Technical Summary
The research presents an innovative cybersecurity awareness training approach that places users in the attacker's perspective through an interactive web game. The game covers four attack vectors: weak/reused passwords, phishing (including spear, smishing, vishing, and email), public Wi-Fi exfiltration, and malicious charging ports (juice jacking). A pilot study demonstrated measurable comprehension improvements, particularly in the charging ports scenario. The research aims to enhance user engagement and retention beyond traditional passive training methods.
Potential Impact
There is no direct security vulnerability or exploit described. The impact is educational, aiming to improve cybersecurity awareness and user comprehension of attack techniques. This can indirectly contribute to stronger security postures by better-informed users but does not represent an active threat or vulnerability.
Mitigation Recommendations
No remediation or patch is applicable as this is a research and training tool rather than a vulnerability. Organizations interested in improving cybersecurity awareness may consider evaluating or adopting attacker-perspective training approaches like the Masterm1nd game to enhance user education.
We published research at HCII 2024 on attacker-perspective cybersecurity awareness training — sharing the paper and the artifact
Description
This entry describes published research on attacker-perspective cybersecurity awareness training presented at HCII 2024. The research introduces a web-based game called Masterm1nd that immerses users in attacker and victim roles across scenarios such as weak passwords, phishing, public Wi-Fi exfiltration, and malicious charging ports. A pilot study with 20 participants showed improved understanding, especially regarding malicious charging ports. The content is educational and research-focused rather than describing a vulnerability or active threat.
Reddit Discussion
Posting our HCII 2024 paper here for discussion. The design choices behind it might be useful for anyone working on awareness training that goes beyond click-rate dashboards.
The hypothesis we tested: most awareness training is passive (watch a video, click through a quiz, fail a phishing simulation), but actually putting the user in the attacker's seat for a few minutes might stick better than memorizing rules. So we built and tested a four-scenario web game called Masterm1nd, where the player experiences both the attacker and the victim across:
- Weak/reused passwords
- Phishing (spear, smishing, vishing, email)
- Public Wi-Fi exfiltration
- Malicious charging ports (juice jacking)
Pilot study: 20 participants, pre/post comprehension on each vector. The charging-ports scenario showed the strongest delta (94% reported improved understanding). The phishing differentiation was the noisiest result — vishing especially was harder than expected, even with one of the messages being AI-voice-cloned.
Paper link: https://masterm1nd.net/paper.pdf
Game link: https://masterm1nd.net/?utm\_source=reddit&utm\_medium=post&utm\_campaign=launch
Note: the game has evolved since the paper was published, but the core scenarios and research design are the same.
Genuinely interested in what this community would change about the methodology, or what attack vector should be the fifth scenario if we extend the study.
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The research presents an innovative cybersecurity awareness training approach that places users in the attacker's perspective through an interactive web game. The game covers four attack vectors: weak/reused passwords, phishing (including spear, smishing, vishing, and email), public Wi-Fi exfiltration, and malicious charging ports (juice jacking). A pilot study demonstrated measurable comprehension improvements, particularly in the charging ports scenario. The research aims to enhance user engagement and retention beyond traditional passive training methods.
Potential Impact
There is no direct security vulnerability or exploit described. The impact is educational, aiming to improve cybersecurity awareness and user comprehension of attack techniques. This can indirectly contribute to stronger security postures by better-informed users but does not represent an active threat or vulnerability.
Mitigation Recommendations
No remediation or patch is applicable as this is a research and training tool rather than a vulnerability. Organizations interested in improving cybersecurity awareness may consider evaluating or adopting attacker-perspective training approaches like the Masterm1nd game to enhance user education.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a329dda0b89be6888547347
Added to database: 6/17/2026, 1:15:06 PM
Last enriched: 6/17/2026, 1:15:14 PM
Last updated: 6/17/2026, 5:28:02 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.