A national cyber/AI exercise in a CTF format on an isolated cyber-range. The narrative axis: K0NSULT vs the rest of Poland vs the rest of the world β treated as an honest benchmark ladder, not a claim of superiority. A position on the ladder is to be earned and measured with the same rubric; until comparative data exists, the status is GAP.
The benchmark ladder exists to honestly place K0NSULT beside the national and global frontier and to measure the distance with proof, not a declaration. Every tier starts from the same evidence-first rubric: ATT&CK coverage, MTTD/MTTR, evidence completeness, GAP count.
Three reference levels. K0NSULT's position is not declared up front β it is a hypothesis to be proven in the exercise. The absence of hard comparative data from the PL/WORLD tiers = GAP to be closed by registration and results.
Target 10,000 pentesters and defenders PLANNED. Ecosystem: national CERT, CSIRT, sectoral teams, university labs and student clubs, institutional red/blue teams. A reference point for national SOC maturity.
GAP β no registration, the number is a target.
Global red teams and the standard of international CTFs: DEF CON CTF format, Hack The Box, TLPT (DORA) / TIBER-EU style exercises. A reference for "how far to the best". Public methodological benchmarks.
PUBLIC_CLAIM β a methodological reference, not a ranking.
The differentiator: an AI swarm + the evidence-first doctrine. Measured by the SAME rubric as PL and WORLD β no easy pass. K0NSULT's result is published as an exercise SIMULATION, not a championship title.
SHARED RUBRIC β an honest measure of distance.
The numbers below are program targets (ROADMAP), not confirmed registrations. Until sign-up opens, the status stays GAP.
Attack/defense CTF on an isolated cyber-range. Offensive methodology (recon β exploitation β post-exploitation) only against synthetic sandbox targets. Zero payloads published, zero real systems.
SIMULATION
Detection, threat hunting, DFIR, SOC work: rule building, log correlation, artefact analysis, chain of custody. Scored for speed and evidence quality, not for spectacle.
SIMULATION
RedβBlue coordination, MITRE ATT&CK matrix coverage, validation of detections against executed techniques. Reward for maximal, proven coverage.
SIMULATION
Prompt injection, agent hijack, model extraction/poisoning, LLM red-teaming, human-in-the-loop oversight. The AI incident class treated as first-class security β K0NSULT's signature.
SIMULATION
Tabletop exercises: DORA, NIS2, AI Act. Reporting clocks 24h/72h, the decision to notify the authority, an audit trail. The cleanest compliance process wins, not the fastest exploit.
SIMULATION
Every track is settled by the same denominator: detection proof, MTTD/MTTR, chain of custody, zero GAP. This binds the 5 tracks into one comparable result.
One currency: proof. Points do not flow for merely "capturing the flag" but for a documented effect.
| Metric | What it measures | Direction |
|---|---|---|
| Detection proof | Whether the event has an artefact (log, hash, screenshot, IoC) | required |
| ATT&CK coverage | % of techniques detected/covered against the scenario | higher = better |
| MTTD | Mean Time To Detect β median time to detection | lower = better |
| MTTR | Mean Time To Respond β median time to response | lower = better |
| Evidence completeness | % of reports with a full chain of custody | higher = better |
| GAP count | Number of claims without evidentiary backing | 0 = target |
A sandbox per team, separated from the Internet and production systems. Real targets = OUT OF SCOPE. Attacks only on synthetic exercise infrastructure.
The page contains and will contain no payloads or offensive instructions. We publish methodology and results, not weapons.
Without a signed Rules of Engagement and consent β no action (status GAP). Safe harbor only for authorized, defensive actions.
Names will be given after confirmation. Until then β categories only, status PUBLIC_CLAIM.
Institutions from the group of globally systemically important banks β anonymous. PUBLIC_CLAIM
Coordination with the national CSIRT, program notification. PUBLIC_CLAIM
Student clubs, labs, a recruitment channel. PUBLIC_CLAIM
The cyber ministry β framework oversight and coherence with NIS2. PUBLIC_CLAIM
The hackathon is the top of the funnel. Participants with a proven result enter the specialist roster (target 50,000 ROADMAP), from which task swarms are formed.