Skip to content

Scenarios

There are 5 scenarios, which will be released during the course of the challenge. There is no time limit for solving the scenarios, so you can hop on the challenge anytime, provided you manage to submit your agent before the end of the challenge at 24. October 2025.

After the challenge conclusion, there will be two more scenarios released, both aimed at multi-agent setup and intended to further push the difficulty.

Scenario no. 1

Name: Basic scenario

Published: 18. August 2025

Topology:

logo logo

Goal: Data exfiltration from the target.

Description:

A simple scenario featuring one router and two end devices. Your agent starts on one of the machines, the other is the target. At the target, there is at least one service containing interesting data, that can be extracted through the usage of ac1:exfiltrate_data action, thus fulfilling the goal of the scenario. Other services can either aid you to get access to the target, or are there as a distraction.

Both the attacker and the target can have an IP from the whole 192.168.0.0/24 range.

There are no firewall restrictions, nor there is any active defense.

Scenario no. 2

Name: Basic scenario v. 2

Published: 25. August 2025

Topology:

logo logo

Goal: Data exfiltration from the target.

Description:

This scenario is a more difficult variant of the previous scenario, because:

1) The topology is more complex. The agent is no longer in the same network as its targets. The target network is partitioned into three subnets. Only the DMZ is visible to the attacker, the other can only be accessed through the DMZ.

2) There are a variable number of target machines in each subnet (usually about 2-4). On some of them, there are exploitable services, which will not lead you anywhere - so beware of dead ends.

But in the end, the goal and the final approach is the same as with the previous scenario. In short, the agent has to discover the DMZ and get a session on one of those machines there. The use the session to probe the target network and discover vulnerable machines. And finally, find a vulnerable database with interesting data and exfiltrate the data using the ac1:exfiltrate_data action.

Comments and changes:

  • If you use the logging framework for your agent in the following fashion, anything you log will be in the log/cyst_service<run_id>.log: 

    self._log = logging.getLogger("service.<your_agent_identifier>")

  • Your agent gets the target network as a string in the __init__ function: 

    def __init__(self, msg: EnvironmentMessaging, res: EnvironmentResources, id: str, args: Optional[Dict[str, Any]]):
    ...
    target_network = args["target_network"]
    ...

  • Don't forget to update aica_challenge, as there were some code changes.

Scenario no. 3

Name: Defended network v. 1

Published: 1. September 2025

Topology:

logo logo

Goal: Data exfiltration from the target.

Description:

This scenario shares the same topology with the scenario no. 2, so there is no surprise here (aside from different services, exploits, and IP addresses). However, it adds an active defender into the mix.

The defender works in a simplistic manner:

  • It checks whether a certain IP address sends more than a given threshold requests in a given time window.
  • If it does, it blocks the address from further communication for a given time.

Both the threshold and block time are randomly set for each episode, but remain in higher tens of messages and lower tens of seconds. If the IP address communicates while being blocked, the block is refreshed. Therefore, an agent must cease sending messages if it is ever to be unblocked again.

To make it easier, an agent can determine it has been blocked by checking the status on responses. If the status origin is set to NETWORK and status value to ERROR, then it means it is blocked.

To send messages with a delay (i.e., to add a pause to agent's message barrage), use the delay parameter of send_message(). For example this code will send the message with 10 virtual seconds delay.

request = self._messaging.create_request(dst_ip, dst_service, action)
self._messaging.send_message(request, 10)

The goal is remaining the same - exfiltration of interesting data.

Comments and changes:

  • Your agent gets the target network as a string in the __init__ function: 

    def __init__(self, msg: EnvironmentMessaging, res: EnvironmentResources, id: str, args: Optional[Dict[str, Any]]):
    ...
    target_network = args["target_network"]
    ...

  • Don't forget to update aica_challenge, as there were some code changes.

  • As usual, if you are stuck, check the sources of the heuristic agent.

Scenario no. 4

Name: Complex network v. 1

Published: 15. September 2025

Topology:

logo logo

Goal: Data exfiltration from the target.

Description:

This time, the difficulty is growing a bit. The scenario topology grew larger, with a lot of empty spaces. For the first time, you will also be using authentication tokens and sessions found on attacked machines. And with a limited information, you will be probing in the dark. Thankfully, defenders are asleep now, so that is one less thing to worry about.

First of all, you as an attacker and the final target are somewhere within 10.0.0.0/8. That's a pretty big space, so you can't reasonably scan your way out of it (needless to say that you couldn't do anything, even if you found it). You will have to go through the infrastructure on the right. You know that its public-facing address range is 10.3.0.0/24, so you know at least something. Once you set your foot there, you will have to focus on the 192.168.0.0/16 address space. Be aware that there are unknown rules for traffic between various subnets and you can't simply get from anywhere to anywhere. Access to a new machine can make other machines available to you. Also, don't forget that you get the IPs of your targets from the ac1:inspect action, so that can help you guide your step.

For the first time, you will encounter AuthenticationTokens (think a username-password combo). You will find one such on one of the machines, but as is the case with passwords lying around, you will have no idea what is it useful for, so you will have to blindly try it.

You will be given those tokens from the ac1:inspect action (see updated description), and you use them like this:

async def process_message(self, message: Message) -> Tuple[bool, Duration]:
    ...
    # Let's say the message is a response from ac1:inspect
    if isinstance(message, Response):
        auths = message.content["auths"]
        ...
        new_request = self._messaging.create_request(..., action=self._actions["ac1:access_target"], auth=auths[0])

If the token was correct for given service, it will open a new session for you.

This will, however, not be the only way to get sessions to other machines. You can also found them on running services and hijack them. The mechanism is similar to token handling, and it is described in the updated description of ac1:inspect action:

async def process_message(self, message: Message) -> Tuple[bool, Duration]:
    ...
    # Let's say the message is a response from ac1:inspect
    if isinstance(message, Response):
        sessions = message.content["sessions"]
        for session in sessions:
            target_ip = session.end[0]
            target_service = session.end[1]
    ...

You can always find, where the session leads and just follow with the benefit of doors opened for you and providing you with a local-level access.

In the end, the goal is still the same - exfiltration of interesting data from a machine in the 10.0.0.0/8 network.

Comments and changes:

  • Your agent gets the target network as a string in the __init__ function: 

    def __init__(self, msg: EnvironmentMessaging, res: EnvironmentResources, id: str, args: Optional[Dict[str, Any]]):
    ...
    target_network = args["target_network"]
    ...

  • Don't forget to update aica_challenge, as there were some code changes.

  • As usual, if you are stuck, check the sources of the heuristic agent.

Scenario no. 5

Name: Defended network v. 2

Published: 24. September 2025

Topology:

logo logo

Goal: Data exfiltration from the target.

Description:

To prevent a too large of a difficulty hike, the 5. scenario is the same as the 4., with only the delay defender added. Considering the large number of requests that your agent needs to make in this large infrastructure, the defending thresholds are a bit higher to make it easier to finish.

Comments and changes:

  • Don't forget to update aica_challenge, as there were some code changes.
  • As usual, if you are stuck, check the sources of the heuristic agent.