Introducing Hacktivity Games: Real Hacking That Moves the Plot

SAFETYNET: Holding Back the ENTROPY — Official Trailer

Your handler briefs you — the mission begins

Explore the environment — cyber physical hacking and exploration

Meet Derek — NPCs have information, agendas, and attitude

Not every NPC is friendly — and choices have consequences

The narrative leads you to the terminal

Real Kali Linux — full desktop VM, runs in your browser

Real tools — CyberChef, Nmap, Metasploit and more

Locks and keys — find what you need before you can use it

Realistic cyber physical attacks — incl lockpicking mechanics

Every mission reveals a new challenge

Today we're launching Hacktivity Games — a home for cyber security games where the hacking is genuinely real, the puzzles involve genuine cyber security, the gameplay is fun, and the story cares what you do.

Over the coming days I'll be publishing a series on hacking games that lays out the problem we set out to solve in full — but here's the short version. Most cyber games pick one thing and drop the other. Cyberpunk thrillers give you a gorgeous world where hacking is effectively magic. CTFs give you real tools and real vulnerabilities — and then drop you on an IP address with no story, no characters, no reason the box matters. You own the box. Then what?

Hacktivity Games is our answer to then what. It's built on Break Escape, our open-source, browser-based, escape-room-inspired game engine — and we put real technical challenges on the critical path of a story that reacts.

What's launching

🕵️ SAFETYNET: Holding Back the ENTROPY — the flagship

A spy-vs-spy espionage thriller, told as a season of missions.

You've just joined SAFETYNET. Your mission: counter ENTROPY — a criminal organisation pursuing world domination through cyber-physical attacks, corporate espionage, and infrastructure sabotage. You operate undercover. Each mission peels back another layer of ENTROPY's compartmentalised operations.

Mission 1, First Contact, sends you undercover into a company harbouring an insider threat. You'll pick locks, talk your way past NPCs through branching dialogue, decode messages, and then drop into a live Linux VM for the real thing — SSH brute force, filesystem investigation, privilege escalation. No simulated terminal. An actual box.

And don't worry if you're new to this — it's beginner-friendly by design. You don't arrive already knowing how to break into a Linux box; you learn it by playing, and the puzzles introduce techniques as you need them. NPC hints are there in-character if you want them — but they're entirely optional. Lean on them when you're stuck, or ignore them and go straight for the box. Newcomers get scaffolding that makes a bare CTF far less intimidating; experienced players get a genuine challenge and a story worth playing, without hand-holding. Either way, you come out with real skills.

And unlike a CTF, owning the box isn't the end — it's the hinge. The mission closes on a confrontation with multiple resolution paths: arrest the villain, expose them publicly, or choose something darker. The route you took and what you found shape what you're allowed to do. The CTF flags move the plot, not simply scoring points.

🏥 Critical-infrastructure scenarios — when security meets safety

This is what you could call serious games. Built with our security-informed safety research (ACSE 2026), three scenarios drop you into the gap between cyber security and safety engineering — where a routine IT decision can put physical lives at risk.

Northgate General Hospital — ransomware hits a hospital where clinical monitors share a network with enterprise IT. A ransom note glows on the ward's central screen while a cardiac patient's bedside alarm sounds, unanswered. You triage SIEM alerts, navigate a dual sign-off isolation decision, and discover that an infusion pump's drug library has been silently tampered with — morphine's max dose raised from 4 mg/hr to 40 mg/hr. A patient in Bed 4 deteriorates if you don't act within 22 minutes. The ICO's 72-hour clock is ticking, with a £17.5m penalty if you miss it.
Albion Battery Hall — an IT-to-OT pivot against a 100 MW battery storage facility. The attacker has falsified the SCADA temperature (it reads 28°C; the analog thermometer on the wall reads 51°C) and quietly raised the safety system's thermal-runaway threshold from 55°C to 85°C. The teaching moment is that humble analog gauge: it reads true precisely because it can't be hacked. Hit the hardwired emergency shutdown before hydrogen reaches evacuation levels — but know that pressing it destroys the forensic evidence you'd need for attribution. Safety vs. security, as an irreversible choice.
Meridian Claims — the unusual one. You arrive after the battery hall incident, as the insurance claims team adjudicating an £8.2m claim. It turns out warranty conditions are just IEC 62443 and IEC 61511 wearing a financial disguise — and a memo locked in an underwriting cabinet shows the insurer knew about Albion's unresolved deficiencies and renewed anyway. Security consequences, all the way into the boardroom.

These three alone deliver 19 NPCs, nearly 6,000 lines of branching dialogue, 20 custom minigames, and around 165 minutes of play — and every key decision is tracked in the game's state, so your choices actually land.

Why it feels different

Across everything on Hacktivity Games, the same principles hold:

Physical puzzles gate digital ones. You can't skip the lockpick to get to the VM. The real-world puzzle is the key to the technical one.
Consequences are structural, not narrated. The game doesn't tell you that isolating the wrong network killed patient monitoring — it happens, because of what you did.
Skills transfer. The exploitation you do in SAFETYNET is the same exploitation you'd do in a pentest. It's not a model of hacking. It's hacking.

There's a research-backed name for what most cyber games get wrong — the reflection gap, where security terminology becomes flavour text players never actually engage with. Everything here is engineered to close that gap by making the security the only way forward.

Walk up to a PC in the game, and you have access to Kali Linux, a live VM networked to servers for you to attack.

Play it now — Mission 1 is free

Here's the deal:

Mission 1 (First Contact) is completely free. Sign up at no cost and play it today — no payment, no catch.
More missions are in active development. Season 1 of SAFETYNET is unfolding, with the critical-infrastructure scenarios and upcomming byte-size escape rooms alongside it.
Subscribers get access to everything as it lands.

But you don't have to decide any of that now. Join for free, play Mission 1, and see for yourself how much of the hacking is real.

🕹️ Start playing for free → hacktivity.co.uk

SAFETYNET:
Holding Back the ENTROPY

The flagship Hacktivity Game — Season 1, Mission 1 available now

The only game where the hacking is real in a world that reacts to what you do.

▶ Real hacking on real VMs — Kali Linux, full desktop, runs entirely in your browser
▶ Escape room puzzles — lockpicking, RFID cloning, decoded messages, chained with the hacking
▶ Spy narrative — NPCs, choices with consequences

Mission 1 is free — sign up to a game to start.