SIEGE

Adversary Emulation

SIEGE at Cyber Fortress 2025

April 07, 2025 — by Chad Caison

SIEGE, six24’s AI-driven threat evaluation platform, will be deployed during Cyber Fortress 2025, a two-week cyber training and exercise event taking place this August. Focused on protecting critical infrastructure across the State of Virginia, the exercise involves participants from the Virginia Army National Guard, Maryland and Delaware Electric Cooperatives, as well as state and DoD officials.

In the exercise, SIEGE will assume the role of VOLT Typhoon, a state-sponsored threat actor attributed to the People’s Republic of China. This provides a unique opportunity to demonstrate SIEGE’s ability to emulate advanced persistent threats (APTs) using living-off-the-land techniques, leveraging misconfigurations, stolen credentials, and stealthy tactics to move laterally through enterprise environments, locate Operational Technology (OT) networks, and disrupt critical services.

To enable this level of fidelity, six24 developed Torque, a custom interface layer that allows AI agents to issue real-time shell commands and operate like a live adversary. Torque supports tunnel routing, host-based command execution, and post-exploitation behaviors beyond what traditional tools like Metasploit or Cobalt Strike can offer. SIEGE’s AI agent has been trained to use Torque, Metasploit, and other tools to carry out realistic APT workflows.

Key Capabilities Demonstrated at Cyber Fortress:

  • Catch Callback: SIEGE will use real-world remote access trojans including NJRat, BitRat, and AsyncRAT to achieve interactive access on target systems.
  • Ransomware Simulation: At the request of exercise planners, SIEGE will execute a ransomware scenario using a custom WannaCry variant delivered via Group Policy Objects (GPO).
  • Key Terrain Identification: The agent identifies mission-critical assets using Windows system artifacts—without relying on noisy scanning techniques. This enables low-profile, stealthy movement across the network.

Unlike heuristic-based platforms, SIEGE is built on Reinforcement Learning (RL), enabling it to behave more like a real human adversary. It dynamically learns how to achieve its goals within a live environment, generating attack paths and sequences of commands that reflect real-world tradecraft.

Throughout the exercise, SIEGE will provide:

  • Real-time visualization of the AI agent’s activity
  • Machine-readable logs and human-readable summaries
  • Daily reporting to support after-action reviews and breach validation

Cyber Fortress 2025 represents a major opportunity to showcase how AI can be operationalized for threat emulation, helping defenders train against adaptive, capable adversaries before they ever see them in the wild.