PenQuest

Gamification of practice-oriented IT/OT security training through the simulation of cyber threats.

Background and Problem Statement

IT and OT infrastructures are becoming increasingly complex, bringing with them new risks and security threats. Addressing these challenges requires stronger technical, organizational, and human defence measures, as well as a deeper understanding of modern attack techniques. This knowledge is essential for identifying vulnerabilities and effectively mitigating risks.

Equipping people with the necessary skills and helping them better understand how complex tactics and techniques interact presents a major challenge. Training programs in this domain are mainly offered within organizations and typically target end users. By contrast, there is a clear lack of training opportunities tailored to IT/OT professionals and future specialists.

To address this, in the current project we focus on:

  • App-supported exploratory threat simulations in technical and organizational environments, including complex systems that combine IT, OT, as well as cloud-based and mobile solutions.
  • Targeted knowledge transfer aligned with existing corporate infrastructures, aimed at current and future professionals who need to understand attack and defense techniques, as well as prevention, detection, and response measures.

Aims

We are developing a browser-based teaching and training platform that simulates threat scenarios and can be flexibly adapted to different situations and real-world infrastructures. The platform builds on an existing prototype created as part of the FWF project INODES.

The project rests on three main pillars:

  • Improving the simulations,
  • Enabling playful, interactive learning experiences, and
  • Creating a streamlined and user-friendly interface.

The platform is adaptable and suitable for use in both civilian and military contexts. The overarching goal is to offer training programs that better prepare IT professionals for real-world cyberattacks.

Result

Building on an existing prototype, PenQuest is being further developed within the Innovation AKUT funding program. The main improvements include making it more user-friendly and turning it into a practice-oriented application. The platform encompasses a wide range of threat scenarios and imparts key cybersecurity concepts in an easy-to-digest and playful way.

You want to know more. Feel free to ask.

FH-Prof. Dipl.-Ing. Dr. Robert Luh BSc
Academic Director IT Security (BA)
Department of Computer Science and Security
Location: B - Campus-Platz 1
M: +43/676/847 228 451
Project manager
Staff
External Staff
Thomas Petelin
Maximilian Rieger
Partners
  • Kibosec GmbH
  • Bundesministerium für Landesverteidigung (BMLV)
Funding
FFG (KIRAS)
Runtime
01/01/2026 – 12/31/2026
Status
current
Involved Institutes, Groups and Centers
Forschungsgruppe Secure Societies
Institute of IT Security Research