Category: News

Thanks to the regional SMB network DIHOST, we have just welcomed here at University of Applied Sciences St. Pölten representatives of several security-affine companies to showcase the very first version of our PenQuest Scenario Creator, a standalone web tool that will allow the community to put together their own PenQuest games.

The tool will be released to the pubic in 2026 after the implementation of key features such as a visual infrastructure editor and comprehensive scenario validation that’ll help catch errors in the complex process of fine-tuning scenarios.

Starting January 1st, the team has started to rework PenQuest’s UI and to implement new usability features. These efforts are funded by KIRAS Innovation AKUT, a smaller grant designed to help research projects mature in terms of technology readiness. We are confident that, by the end of 2026, we will have an education game that not only offers realism through its state-of-the-art security model, but also improved usability and visual appeal.

Note that these reworks will only exist on our alpha server for the time being; if you are interested to become a tester, let me know!

As part of a work visit to MIT, Sebastian currently spends a month among the researchers of ALFA Lab, finetuning PenQuest’s bot & AI environment as well as exploring new opportunities for collaboration. Stay tuned for a more detailed write-up on what was discussed and which experiments were conducted with Una-May O’Reilly’s talented team!

The team welcomes Nico Gentilini, research assistant at St. Pölten UAS, who started to work on a scenario creation tool that will be published to the community at the end of 2025. The tool will enable players to design their own game boards and cards and combine them into educational or risk exploration stories.

Sebastian presented our paper “PenQuestEnv: A Reinforcement Learning Environment for Cyber Security” at ICISSP and gave participants a glimpse at the upcoming AI aspects of the game as well as the current client. This is only the beginning: We have big plans to turn the gamified model into an RL-based risk exploration tool that can be used in organizational risk assessment.

Stay tuned!

We are happy to announce that we have just published our main paper on the model and mechanics of our cyber defense game, “PenQuest”, in Computers and Security (COSE).

If you ever wanted to know how PenQuest works and that the underlying models are, feel free to check it out (open access): https://doi.org/10.1016/j.cose.2024.104287

We held a remote PenQuest workshop at UIIN Unlock conference targeted at lecturers and educators in higher education. The format focuses on digital escape rooms and gamification all across domains, so we felt right at home!

Another year, another IT security eXchange (ITsecX) at St. Pölten University of Applied Sciences. At our PenQuest booth, security professionals and students got the chance to play the latest version of the game and chat with the devs. We collected invaluable tester feedback and are happy to welcome many new penquesters to the fold!

With the biggest audience to date, PenQuest was presented to security professionals and enthusiasts at IKT Sicherheitskonferenz 2022 in Vienna, the largest annual security conference in Austria. IKT SIKON is hosted by the Austrian ministry of defense and attracts over 60 exhibitors. Topics ranging from industrial security and critical infrastructure to (counter-)intelligence and various technical attacks are covered in over 50 talks.

We are looking forward to new cooperation opportunities and are happy to have piqued the interest of so many experts in the field!

Continuing our busy September, Sebastian joined the sec4dev Conference in Vienna to introduce PenQuest to security-interested software developers. Participants could drop in and play the current version of the game at their pace.

PenQuest premiered as education tool in a full-day IT security workshop held at Das Fokus N’Cyan in St. Jakob. Participants from several companies, including the Red Cross, tackled a ransomware scenario and developed strategies for both attack and defense. The actions were then discussed and spiced up with examples, seamlessly integrating PenQuest into an established workshop setting.

We’re happy to welcome Simon Gmeiner to the team. As a data science student at St. Pölten University of Applied Sciences, he will work on our AI implementation, beginning with a simple bot and moving up to reinforcement learning.

We are happy to announce that Thomas and Maximilian have joined the PenQuest team. Thomas is a senior software developer who specializes in front-end development. He will be key in developing new features and improving the overall code. Max is visual designer who will focus on refreshing our current look and feel to be more flashy and, most importantly, user-friendly.

Welcome!

This year’s ITsecX at St. Pölten University of Applied Sciences followed the motto “Security Risk Economics: The Value of (Missing) Security” and again welcomed security experts, alumni, and interested techies to an evening of lively IT security exchange.

We offered participants the chance to play the current alpha of PenQuest and received invaluable feedback and offers of collaboration.

The team was invited to hold a seminar at Uni Luxemburg and engage in an interesting exchange with the local game theory experts. Future collaboration and possible applications of PenQuest to the domain of physical border security was discussed.

The team was happy to present PenQuest at this year’s think tank webinar series at the Austrian Computer Society. There was a lively discussion and we were able to win new testers for our cyber defense game!

Our project has garnered the attention of the Massachusetts Institute of Technology’s ALFA group, which specializes in Machine learning, evolutionary algorithms, and data science for knowledge mining, prediction, analytics, and optimization. With projects in cyber security and software analysis, the model behind PenQuest was of particular interest to the researchers.

The experts at ALFA expressed their interest to be involved in future alpha tests (no pun intended) and provide feedback to our project. We are looking forward to future collaboration!