This guide gives you everything you need to run "DEF CON: is canceled! (Black betrayal)" from start to finish. All narration, opening dialog, and event descriptions are written out for you. Read them aloud or paraphrase — whatever feels comfortable. You do not need to improvise. The story is all here.
Their goal is to successfully run 3 out of 5 "Core Pillars" of the con (Keynotes, CTF, The Network, The Badge, and The Party).
Their goal is to cause 3 "Critical Failures." If the con is shut down by the Venue or the Feds, they get their payout.
He sees the "Short-Sellers" during the setup phase. He knows who is sabotaging his life's work, but if he calls them out publicly, the Short-Sellers will leak his private DMs and "dox" him, causing him to lose the game.
The Game Master (GM) is the person who runs the game. The GM is responsible for narrating the story, managing the game's flow, and keeping track of the rules and mechanics. The GM does not play as a character but instead facilitates the experience for the players.
Instead of generic "missions," players must vote on "Deployment Teams" for specific con events - The Pillars. Each pillar has a unique scenario and potential sabotage points. For example:
E.g.: The Badge Firmware: If the team includes a saboteur, the badges might emit a high-pitched frequency that prompts the Fire Marshal to clear the room (Mission Fail). The NOC (Network Operations Center): A saboteur might "accidentally" drop the firewall, allowing a 14-year-old to Rickroll the entire main stage (Mission Fail).
The loyalists have to deploy a team, identify, from the story's background, "what can go wrong" by correctly identifying the hidden threat scenario in progress by studying the possible threat cards, and then decide: "what are we going to do about it?" After making a decision, the players vote on whether the pillar goes on without incident or gets sabotaged, choosing between the two option cards "No incident" and "Sabotaged" provided by the GM. If the saboteur is among them, the pillar gets sabotaged. If so, the players can still save the day by rolling a d20 die. If 3 of the pillars fail, DEF CON gets canceled, and the short-seller wins. A minus point is counted as a negative modifier for each pillar that fails, as moral takes a hit. If they succeed, the modifiers are removed. If the pillar goes on without incident, roll a d20. A 5+ (plus minus any modifiers the players might have) means the pillar succeeds.
The players agree which character role they want to play. Each role has a unique background and a special ability that can be used once per game. The Dark Tangent (Jeff) cannot be chosen, but is assigned secretly when the game starts.
Write the required number of roles on slips of paper (or choose the appropriate number of role cards), fold them, and hand one to each player face-down. Make sure to include the correct number of Short-Seller roles based on the number of players.
Short-Seller roles (players who want the conference to fail):
When playing with 3–4 players: 1 Short-Seller When playing with 5–6 players: 2 Short-Sellers When playing with 7–8 players: 3 Short-Sellers
How to tell The Dark Tangent who the short-sellers are:
After all roles are handed out and players have read theirs, ask everyone to close their eyes. Tap the Dark Tangent on the shoulder. Whisper the Short-Sellers' names to the Dark Tangent player. You can also use your eyes and gestures to indicate the Short-Sellers. They must keep this secret.
You know who the saboteurs are. That makes you the most dangerous person in the room — and the most hunted. If the Short-Sellers correctly name you as the Dark Tangent at any point in the game — the Short-Sellers win immediately. Your knowledge means nothing if you are exposed. Survival is your first job. Saving the conference is your second.
Don't Be Too Helpful. If you are too perfect at identifying saboteurs — always voting against the right person to be part of the deployment team, always pushing the right threat cards — the Short-Sellers will notice. Nobody is that good by coincidence. The moment you look like you have a map, you become the target. Be right just often enough. Be wrong just often enough, and be careful how you use your eyes and give hints.
Create Confusion. Sometimes you must vote for a team you know will fail, just to throw off the short-sellers. A failed mission you engineered is painful. Being identified and handing the Short-Sellers an instant win is worse. Pick your moments.
Let Others Take Credit. Guide the conversation. Ask questions that lead other Loyalists to the same conclusion. If someone else makes the right accusation, they become the target of suspicion — not you.
Your goal is to win without ever being seen.
Note
"It's Thursday morning, August 6th, 2026. The Las Vegas Convention Center West Hall smells like carpet cleaner, badge solder, and ambition. Thirty thousand hackers are on their way here, and you're the people who make it all happen.
You are the inner circle. The organizers, the engineers, the goons. And right now, in this room, DEF CON 34 is forty-eight hours away from going live.
The conference has had a rough year. Two crypto investments that should have funded next year's venue fees went sideways. A lawsuit over a badge component that allegedly sent three people to the ER is working its way through the courts. Jeff — The Dark Tangent — hasn't slept in days.
What you don't know — what most of you don't know — is that someone in this room has bet against the conference. Anonymous short positions on Polymarket. A payout is triggered only if DEF CON is canceled before the Closing Ceremonies.
Someone in this room needs this conference to fail.
Your job is to run it anyway. You need to keep at least three of the five Core Pillars standing: the Keynotes, the CTF, the Network, the Badge, and the Party. Let three critical failures happen, and the Short-Sellers collect. The feds show up. The venue pulls the plug, and DEF CON 34 becomes DEF CON: The Last One.
The only question is: who among you is already working to make that happen?"
Pause. Let the atmosphere settle.
Each pillar is a separate event. Players must keep at least three of five from failing. You will run each pillar as a "mission" in sequence. A pillar fails if the Loyalists accumulate three failed rolls on it.
| Pillar | Description |
|---|---|
| The Keynotes | Main stage presentations, government speakers, press coverage. |
| The CTF | The Benevolent Bureau of Birds capture-the-flag competition. |
| The Network | The NOC's infrastructure. DEF CON's infamous open wireless network. |
| The Badge | The electronic hardware puzzle distributed to 30,000 attendees. |
| The Party | The Caesar's Challenge closing celebration. The final mission. |
Before the game begins, the GM reads the event narration above, then draws a pillar card and keeps it secret. He then choose one of the possible threats noted on the pillar card and writes it down on a piece of paper.
Players nominate a team of 2–4 people to "staff" the event. Anyone can be nominated. Players vote by simultaneously showing thumbs-up or thumbs-down. If a majority approves, the team is locked in.
Short-Sellers should vote strategically. Their goal is to get themselves (or each other) onto deployment teams to sabotage missions.
After the deployment team is locked in, the GM reads a short situation briefing (provided for each pillar card). The full table — not just the deployment team — then debates what response to take. Each pillar card has a positive and a negative outcome and an active threat in progress.
Positive outcome: The pillar is executed without any incident. Negative outcome: The pillar gets sabotaged.
First, the player needs to agree on the correct threat amongst the threat cards they have been given. They can only choose one. If they guess the right threat, the positive outcome scenario is read.
Each player has two pre-written option cards printed below:
Players do not know which card each player has used. They argue, persuade, and vote. Short-Sellers may use the "Sabotage" option card. Loyalists should vote on No incident.
After each player has played their chosen card face down, the GM shuffles the cards and places them face up on the table. Depending on whether a "No incident" or "Sabotage" card is played, the GM will read the appropriate outcome from the pillar card and announce what the deployment team needs to roll to succeed.
Record modifiers on a shared notepad that everyone can see or play with the character cards face up, and use a d6 die to keep track of morale.
Before each pillar resolves (success or failure), players have a brief "free action" round before the next mission. Each player can do one of the following:
3 or more Core Pillars have been completed without failing.
Read aloud:
Note
"DEF CON 34 ends on schedule. The Closing Ceremonies happen. The Polymarket bets expire worthless. Jeff shakes hands with every one of you. Nobody gets doxed. Nobody gets arrested. The conference lives to see another year.
Whoever placed those short bets is waiting for a payout that will never come. The only thing they earned was the knowledge that 30,000 hackers are very hard to stop."
3 or more Core Pillars have failed, or one of the Short-Sellers has correctly named the Dark Tangent.
The Short-Sellers' win condition triggers immediately and overrides everything else. If a Short-Seller stands up and names the correct player, the game ends. The Short-Sellers collect. It does not matter how well the conference was running. The Dark Tangent's cover was the last line of defence.
How the Short-Seller names the Dark Tangent:
The Short-Seller may declare "Cancel DEF CON". They name one player. The GM confirms whether the named player is the Dark Tangent. If correct, read the Short-Seller win narration. If wrong, the Short-Seller is exposed and will be put on the sidelines.
Read aloud:
Note
"DEF CON gets canceled. The Closing Ceremonies don't happen. The venue contract is voided citing 'repeated safety and liability violations.' The feds are asking questions nobody wants to answer. The Polymarket payout clears sometime Thursday night.
DEF CON 34 will be remembered — but not the way anyone intended."