Interactive Training Scenarios

Deception & Detection
Training Scenarios

Realistic cybersecurity incident simulations designed for European government and critical infrastructure contexts. Practice coordinated response to honeypot detections in a safe environment.

Realistic Threats
Multi-Agency
Cross-Border
Tamper-Evident Evidence

Professional Training Scenarios

Featured Scenario

Operation Decoy Storm: EU Parliament Intrusion

Advanced Persistent Threat Against Legislative Systems

A sophisticated nation-state actor has probed EU legislative systems. Use honeypot decoys and attacker-behaviour telemetry to coordinate a multi-agency response, preserve tamper-evident evidence, and maintain democratic processes.

Advanced

Scenario Details

Duration3 hours
Participants8-12
TypeCross-border incident response

Technologies Used

SSH honeypots
Attacker-behaviour modelling
Tamper-evident evidence (SHA-256)
Decoy services
+1 more technologies

Learning Objectives

Coordinate cross-border cybersecurity incident response
Deploy SSH honeypot decoys under live conditions
Analyse attacker sessions with Bayesian and Markov models
Maintain evidence integrity using tamper-evident hashing
+1 more objectives

Participating Agencies & Organizations

EU Parliament ITENISANational CSIRTsNATO CCDCOEEuropol EC3
Launch Scenario
Certification Eligible
Featured Scenario

GridLock Europa: Energy Infrastructure Protection

Coordinated Cyber-Physical Attack on Critical Infrastructure

Multiple energy grid operators across the EU face simultaneous cyber-physical attacks targeting SCADA systems. Use decoy services and behaviour telemetry to lead a coordinated defense and prevent cascading failures.

Advanced

Scenario Details

Duration4 hours
Participants10-15
TypeCritical infrastructure defense

Technologies Used

SCADA security protocols
Decoy services
Industrial IoT protection
Cross-border coordination systems
+1 more technologies

Learning Objectives

Secure operational technology under attack
Coordinate multi-national infrastructure protection
Deploy honeypot decoys across OT networks
Balance security with operational continuity
+1 more objectives

Participating Agencies & Organizations

National energy regulatorsTSO operatorsIndustrial cybersecurity teamsEmergency servicesEU crisis management
Launch Scenario
Certification Eligible

Financial Fortress: Banking Sector Deception

Honeypot Deployment for Financial Infrastructure

Intelligence reports indicate increased targeting of EU financial infrastructure. Deploy honeypot decoys and analyse attacker sessions to detect and characterise intrusion attempts early.

Intermediate

Scenario Details

Duration2.5 hours
Participants6-10
TypeDetection and deception planning

Technologies Used

SSH honeypots
Attacker-behaviour modelling
Decoy services
Financial messaging security
+1 more technologies

Learning Objectives

Plan rapid honeypot decoy deployment
Coordinate with financial regulatory authorities
Analyse attacker sessions with behaviour models
Maintain payment system availability
+1 more objectives

Participating Agencies & Organizations

European Central BankNational banking supervisorsSWIFT networkPayment processorsFinancial intelligence units
Launch Scenario
Certification Eligible

MedSecure Response: Healthcare Data Protection

Ransomware Intrusion in Medical Systems

A ransomware strain has targeted patient data across multiple EU member state hospitals. Use honeypot detections and behaviour telemetry to coordinate recovery while maintaining patient safety and privacy.

Advanced

Scenario Details

Duration3.5 hours
Participants8-14
TypeSector-wide incident response

Technologies Used

Medical device security
Patient data encryption
Emergency response protocols
SSH honeypots
+1 more technologies

Learning Objectives

Coordinate healthcare cybersecurity incident response
Balance patient safety with security requirements
Implement GDPR-aware recovery procedures
Secure medical IoT and connected devices
+1 more objectives

Participating Agencies & Organizations

National health servicesMedical device manufacturersPatient data protection authoritiesEmergency medical servicesEU health security committee
Launch Scenario
Certification Eligible

AeroDefense: Aviation Security Crisis

Air Traffic Management System Intrusion

Air traffic control systems across European airspace face a coordinated intrusion attempt. Use honeypot decoys and behaviour telemetry to detect and contain it while maintaining safe aviation operations.

Advanced

Scenario Details

Duration4 hours
Participants12-18
TypeMulti-national aviation security

Technologies Used

Air traffic control security
Aviation communication protocols
Flight safety systems
International coordination networks
+1 more technologies

Learning Objectives

Secure aviation systems under intrusion
Coordinate international airspace protection
Balance security with flight safety requirements
Implement emergency communication protocols
+1 more objectives

Participating Agencies & Organizations

EUROCONTROLNational aviation authoritiesAirlinesAirport operatorsInternational aviation security
Launch Scenario
Certification Eligible

Scenario Categories

Government Security

8

Legislative, executive, and judicial branch cybersecurity scenarios

Critical Infrastructure

12

Energy, transport, water, and telecommunications protection

Cross-Border Coordination

6

Multi-national incident response and information sharing

Emerging Threats

4

Automated attacks, evasive intrusions, and novel attack vectors

Training Integration

Our scenarios integrate the deception technologies from the PHANTAQSM platform

SSH Honeypot Decoys

SSH honeypots and decoy services that engage attackers and capture their sessions for analysis within scenario response protocols.

Decoy services • Session capture • Privacy protection

Tamper-Evident Evidence

Evidence collection and chain of custody using SHA-256 and keccak256 hashing to make tampering detectable.

Evidence integrity • Tamper-evident hashing • Audit trails

Attacker-Behaviour Modelling

Bayesian and Markov models for characterising attacker sessions, pattern recognition, and incident response recommendations.

Behaviour modelling • Pattern analysis • Response support

Ready to Test Your Cybersecurity Response?

Training scenarios to help EU government professionals strengthen their incident response capabilities.