The Cybersecurity Foundation took substantive patronage of the IN.SE.CON conference and appeared at the event organized on April 2-3, 2025, in Poznań. At our stand, visitors could play a specially prepared CyberBastion game scenario. It’s not every day you get such an opportunity!
Conference participants were able to face a realistic scenario based on the activities of the APT44 group (also known as Sandworm). The inspiration was Operation BadPilot, which targeted critical infrastructure, the energy and telecommunications sectors, and government institutions. Its goal was long-term network infiltration, data theft, and maintaining access to the victims’ systems.
In the simulation, the target of the attack was a fictional company called Stalowe Kłosy S.A. from the military sector. The organization had basic security measures in place: blocked USB ports, event logging, physical and environmental security, and a perimeter firewall. Participants in the game also had access to real-time threat intelligence.
The entire game lasted 8 minutes. During the first 4 minutes of the simulated attack, as many as 5 techniques from the MITRE ATT&CK framework were used. Players started with a budget of PLN 2 million, but were able to obtain additional funds during the simulation.
81 people took part in the event. The best result – 61.59% of the organization’s security level maintained – was achieved by a student of the War Studies University in Warsaw. The three people who achieved the best results during these two days received a prize – vouchers for a special training course based on the CyberBastion game, which will take place in September in Warsaw.
Thank you all for participating – see you next time!
