Capture The Flag Games in Role-Playing Games

I’ve recently been running a 5e-based game with my usual role-playing nerd circle on Sunday nights. The game is called The Spy Game. It started off as a Kickstarter campaign and doubled it’s original funding goal (well done!) It’s been fairly successful, but I’m not here to talk about that. This post is about how I’ve incorporated Capture the Flag elements to our role playing.

Yes, I’m a grown man who plays D&D-style games. We play D20 games, which are role-playing games that use dice to determine the outcomes of certain actions. They have become increasingly popularized in the media, with Stranger Things being a large contributor. I did not grow up playing D&D, but started playing when my poker group decided to mix it up. Yes that is true.

What is The Spy Game?

The Spy Game is a role-playing game that is built around telling stories set in a today-like world with… spies. That means your players pick what type of spy they want to play, and make up back stories, choose classes (Infiltrator, Assassin, Medic, etc.) Then the Game Master (me) makes up scenarios and missions for them to go on. The players decide what they want to do (e.g. attack a security guard) and they roll a die to see how devastating their attack on the poor guard was. And while this is a gross over-simplification, it’s good enough for our purposes.

Quickly, What is Capture the Flag?

Capture the flag (commonly CFP), is a style of network and systems security penetration-testing simulation for fun. The idea is that a security expert creates a small, simulated computer system that players try to break into, or crack a code to find a “flag”. The flag is the indicator of the player’s success. For example, you might be given a website that has some sort of password protection that is beatable with certain techniques. Once you bypass the security, you discovery a flag. These are often written as {Flag-name} or something similar to allow the players to know they have been successful. You can read all about them on Wikipedia, or play there with Hacker101 or even Google.

Combining CTFs and Role Playing

My roleplaying group is fairly nerdy (does that go without saying?) So I wanted to make the game a little technical and different from our usual swords and sorcery chaos romps. I thought it would be interesting for those in the group who are less technically minded to learn a little about actual hacking, rather than the “roll the dice to try and hack the system” that is built into the game. The more experienced computer-people in the group could screen share as they worked, and the team could work out the problems together. Everyone wins!

It has worked out really, really well. Everyone has enjoyed these CTFs, including me. I’ve only written a few so far, but they include:

Breaking a password to get into a security camera interface
Finding the GPS coordinates of an arms deal that is going down, hidden in a base-64 string
Decoding a message between two terrorists, hidden in an image
Cracking a cipher (spoilers) to get the code words for the security team on duty needed for a break-in!

You can find them the few I’ve written so far here on Github.

These ideas were heavily influenced by the excellent CTF run by the one and only Connor Tumbleson, at Sourcetoad.

Writing CTFs with ChatGPT

I would highly recommend adding a real world CTF to your next role playing adventure. But who has the time? Enter AI with ChatGPT. One of the scary things about ChatGPT is that it writes decent code, but it is only as good as the prompts you give it, and it is NOT secure. So basically anything you tell the bot to write for you has an exploit big enough to drive a bus through. This should be scary to anyone using it for production work, but it is amazing for CTFs.

I’ve also used ChatGPT to write quick and dirty interfaces (like the security camera on-off switch). Is it pretty? No! Would I use anything like that for a client or anywhere near a production environment? Hell no! But it’s MORE that good enough for a fun evening with friends, gathered around a Zoom table, working out how to hack into a secret vault.

Previous ArticleAre School Bus Tracking Systems Dangerous?Next ArticleHow to Land Your First Tech Job: Or at least what I will tell you

Greg

I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of judo, squash, whiskey, aggressive inline, and temperamental British sports cars.

You must be logged in to post a comment.

Image generation comparison from February 2026

February 17, 2026 14:34February 17, 2026In Technology

I spend a lot of time generating images these days for presentations. My typical workflow is fairly scientific: I ask Midjourney to produce a relatively cute image of a frog, a toad, a robot, or some other vaguely anthropomorphic creature doing something related to the slide I’m about to present.

Once I get the image, I expand the background by about 90% so the character ends up in the corner of the slide. That gives me a nice, relatively clean area to drop text on top. Sometimes I use Photoshop to do the expansion. Sometimes Midjourney cooperates. ChatGPT is actually pretty good at this too. Nano Banana is… enthusiastic. It tends to try a little too hard right now.

That’s fun and all. But the more interesting comparison isn’t cute amphibians. It’s boring enterprise diagrams.

Recently I had to generate some architecture visuals for an RFP response. Rather than suffer alone, I decided to turn it into a model comparison experiment.

Below is a slightly simplified (but very real-feeling) prompt I used. The company is fictional. The buzzwords are not:

Create a clean, executive-level architecture diagram titled “Closed-Loop Member Intelligence Platform.”

The layout should be 16:9 and structured left to right with a circular optimization loop surrounding the system.

On the left side, show multiple member touchpoints feeding into the platform:
- Website (class browsing, account login)
- Mobile App (workout tracking, push notifications)
- In-Club Kiosks (check-in terminals)
- Wearable Device Integrations (fitness trackers)

Label this section: “Member Interactions Across Digital & Physical Channels.”

All touchpoints should flow into a large central hub labeled:

“Unified Member Profile & Real-Time Event Engine”

Inside the central hub, include:

- Web SDK
- Mobile SDK
- API Gateway
- Event Streaming Layer
- Clickstream Data Capture
- CRM Data Sync
- Identity Resolution Engine

Include a small sub-caption:
“Event-level data unifies anonymous visitors and active members into a single dynamic profile.”

From the central hub, arrows should flow to a right-side activation layer labeled:

“Real-Time Engagement & Orchestration”

Include these outputs:

- Personalized Workout Recommendations
- Dynamic Class Availability Messaging
- Triggered Retention Offers
- Membership Upgrade Campaigns
- A/B Testing & Experimentation Engine

Surround the entire diagram with a circular arrow labeled:

“Continuous Optimization & Revenue Growth”

Along the circular loop, include metrics:

- Engagement
- Conversion
- Retention
- Lifetime Value

Design style should be modern, minimal, and suitable for an enterprise SaaS presentation.
Use neutral tones with one accent color to indicate data flow.
Avoid clutter.
Make the architecture clear and readable for both technical and executive audiences.

Here are the results.

ChatGPT

Clear winner for “looks like a human consultant made this at 11:30 p.m. before a board meeting.” The text was incredibly legible. The layout was balanced. The hierarchy made sense. It genuinely looked like something you’d expect in a mid-market SaaS pitch deck.

I even did a reverse image search on some of the icons. No exact matches. That suggests they were generated rather than assembled from some common icon pack. Which is pretty cool.

Claude

Claude did something interesting. Instead of just giving me a static diagram, it generated a React application that rendered the architecture visually inside its canvas. I should have guessed this is what that nerd would do… in fact I did guess, but whatever.

That has upsides. I can tweak the code. I can modify the layout. I can version control it. That’s appealing to the nerd in me.

But technically it failed the homework assignent. It wasn’t what I asked for. I asked for a diagram image. What I got was a React app that displayed a diagram that I had to screenshot.

That said, I actually liked the aesthetic. It felt a little more “me.” Slightly less textbook. Slightly more product-thinking.

Gemini (Nano Banana)

The undisputed champion of 2026 in image generation, nano banana, was actually my least favorite of all of the designs. I think there’s something really weird about the arrows on the outside ring of this diagram. Why are there two arrows between “Engagement” and “Conversion”? Why are they different sizes? I did actually find a couple of exact matches when searching for some of these icons here, so so there might be some assembly on top of generation going here, but I cannot tell because these icons are so universal that it’s likely that that could just be a coincidence.

Midjourney

Ah, Midjourney. My current favorite for keynote frogs.

Completely and utterly useless for generating readable diagrams.

It’s phenomenal at stylized imagery. I’ve tuned it so much over time that it practically knows my aesthetic preferences better than I do. It’s like it’s been trained specifically to make amphibians that align with my personality.

The Omni feature (object permanence) is genuinely impressive. If you’re telling a visual story and need a character to look consistent across multiple scenes, or you’re creating a children’s book to convince your six-year-old that haircuts are not a violation of human rights, it’s fantastic.

But enterprise architecture diagrams? Nope, sucksville.

Wrapping Up

I was pretty sure that nano banana was going to run away with this one. Everyone I know works in banking or finance or medicine has been telling me how great the model is for generating diagrams and process flows. They’ve been raving about how things that were not possible three months ago are now completely durable with this model. It was a little bit of a surprise to see that my personal favorite was good old-fashioned ChatGPT. I think, for my personal use, I’m probably going to use Claude to generate diagrams because they’re a lot easier for me to tweak once they’ve been generated.

That said, I think this experiment showed that when I do this kind of work in the future, I’m just going to load up the same prompt in three different models and just pick the one I like the most. Some of it’s going to be personal tastes; some of it’s going to be how well the model interpreted the prompt, and some of it’s going to be the state of that particular LLM and its model on that given week.

And I’m going to stick to only using Midjourney for generating cute pictures of toads.

Greg Ross-Munro