Guardians 2025 Finalists Went Through Cybersecurity Hell!


19. 02. 2025

Cybersecurity isn’t just about technical skills—it’s also about making quick decisions, distinguishing real threats from distractions, and staying calm under pressure. The Guardians 2025 finals put these abilities to the ultimate test. Over the course of a few hours, the finalists faced as much hacker activity as an average company experiences in an entire year. The Red Team carefully prepared a series of simulated attacks based on real-life incidents from professional practice.  

How an Ordinary Day Turns Into a Cyber Nightmare 

The finalists found themselves in a simulated corporate environment, dealing with situations that companies around the world face daily. On the surface, it was just another workday: employees arrived at the office, the IT department handled routine requests, and the network operated normally. But beneath the surface, a series of both subtle and aggressive cyberattacks was unfolding.

A Well-Intentioned Employee, a Poor Approach 

In one scenario, an IT specialist decided to test a new AI model downloaded from an unverified source. Under time pressure, he neglected proper security settings and overlooked warning signs during installation. The result? Two backdoors were activated on his computer, giving attackers remote access to the system. Once his workday ended, his workstation automatically transformed into a cryptocurrency mining tool, while also exposing the company to additional attack vectors. 

A Firewall That Couldn’t Keep Up 

In another case, attackers targeted an outdated firewall that hadn’t been updated in a long time. After breaching its configuration, they identified security gaps within the network and found a way to gain access to a privileged user account. This account then became the foundation for further attacks, allowing the intruders to move deeper into the company’s infrastructure. 

When the Security Team Fights Its Own System 

To push the finalists even further, we launched an attack on security monitoring systems. A flood of false alarms forced analysts to sift through dozens—sometimes hundreds—of alerts within minutes. Hidden among them was a single real attack, carefully disguised. If the team couldn’t quickly and efficiently distinguish critical threats from background noise, disaster was inevitable. Only one of the three finalist Blue Teams successfully defended against this tactic. 

A Company Losing Control Over Communication 

In another scenario, attackers exploited a vulnerability to gain full access to the email server. Every email was silently forwarded to external servers, giving the attackers full visibility into the company’s communications. Even after defenders detected and removed the intruders, only one team realized that the exfiltration process was still running in the background. 

A Threat Lurking for Months 

The most dangerous scenario involved attackers who had infiltrated the company’s infrastructure long before the simulation even began. Using an advanced remote access tool (identical to those used by ransomware gangs), they patiently waited for the right moment. Had the defenders failed to detect them in time, the attackers could have encrypted all corporate data in an instant, completely paralyzing the company. 

The Final Attack: Total Compromise 

The last phase of the competition demonstrated how a company can be pushed into total helplessness. Exploiting weaknesses in the network, the attackers gained access to domain controllers, took control of corporate accounts, and eventually reset all employee passwords. In a real-world scenario, this would mean that employees couldn’t log into their systems, effectively shutting down company operations indefinitely. 

How Can Companies Anticipate and Handle These Situations? The Answer: BinConf RANGE!! 

The entire competition took place on our BinConf RANGE simulation wargame platform, which enables security teams to train for real-world cyber incidents. BinConf RANGE replicates actual attacks, allowing organizations to test how their systems and employees would respond to various threats. 

What Does BinConf RANGE Offer? 

Realistic attack simulations that help companies understand how a small employee mistake can lead to a massive breach. 

Training security teams to make effective decisions under pressure and correctly prioritize threats. 

Testing response capabilities and identifying weaknesses in IT infrastructure before real attackers exploit them. 

The Guardians 2025 finalists proved that they’re ready to fight cyber threats, but attacks continue to evolve. If you want your organization to be prepared for real-world cyber incidents, training in BinConf RANGE can provide a decisive advantage.

The European Cybersecurity Competence Centre (ECCC) supports this initiative under project grant agreement 101128075.

 
