"Kill All The Orcs, Hack All The Things" is an RFC for every security-head who has ever chucked a d20 and squealed like a cheerleader at the result. Cryptomancer is a tabletop role-playing game about information security in a Tolkeinesque fantasy setting, developed by a malware hunter and a sysadmin. At the core of Cryptomancer's gameplay is the Shardscape, a fantasy abstraction of the Internet, built on real-world networking and cryptography principles. When they aren't chucking dice to kill stuff, players are tasked with attacking and defending communication networks. To be effective at this, they'll need a conceptual understanding of networks, symmetric/asymmetric encryption, authentication schemes, and security technologies such as firewalls and web proxies... all of which are provided throughout the game's rules, and all of which are easily grokked through fantasy abstractions. This talk will be an architectural overview of the Shardscape and a challenge to play-testers and pen-testers. I will be discussing the basics of how the Shardscape works and how it is deployed in your typical fantasy kingdom to enhance and facilitate business operations. Then, I'll be discussing the many security and privacy challenges facing a connected fantasy kingdom, and the tactics, techniques, and procedures leveraged to both defend and abuse these systems. By the end of this talk, the audience should have all the conceptual building blocks required to construct their own Shardscape designs (e.g. dwarven online banks, industrial control systems) for the fantasy world of their choice. They will also have a thorough understanding of this system's inherent weaknesses and be equipped to develop new attack patterns the Shardscape's creators could not have anticipated. While tabletop gamers will likely get the most out of this talk, it is also suitable for security educators, theorists, and privacy advocates, as well as anyone interested in methods of teaching IT and security concepts to non-technical people. http://cryptorpg.com