Nextron Systems supports teams participating in Locked Shields, one of the most advanced and large-scale live-fire cyber defence exercises. Organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the exercise brings together multinational blue teams tasked with defending realistic IT infrastructures against sophisticated cyber attacks in real time.

Supporting Blue Teams During the Exercise

During the exercise, teams face adversaries who actively attempt to evade detection, tamper with logs, and maintain persistence across endpoints. In these conditions, real-time monitoring alone may not provide full visibility especially when suspicious traces remain in files, logs, configuration, or other artifacts at rest.

THOR APT Scanner is used to support compromise assessments with high-sensitivity detection logic, helping teams uncover suspicious traces, attacker toolmarks, and post-compromise leftovers across systems and data at rest – including findings that traditional endpoint controls often miss.

THOR helps teams move beyond artifact collection by applying curated detection logic to systems and data at rest, surfacing suspicious traces and blind-spot findings that are often missed by conventional endpoint controls.

This type of analysis is critical in incident response because defenders need more than a binary answer on whether a system was compromised. They need visibility into what remains on the system – suspicious artifacts, persistence remnants, attacker tooling, and other quiet leftovers that help reconstruct the scope of an intrusion.

Real-World Relevance

The exercise is widely recognised for its technical depth and realistic cyber defence scenarios. Supporting teams in this environment provides valuable insight into how high-sensitivity detection logic performs under operational pressure, especially in situations where defenders need visibility beyond standard real-time controls.

“Locked Shields represents one of the most demanding cyber defence environments available today. Supporting teams under these conditions helps us better understand the challenges defenders face and continuously improve our detection capabilities.”
— Florian Roth, CTO, Nextron Systems

About Locked Shields

Locked Shields is the world’s largest live-fire cyber defence exercise, organised annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. The exercise brings together teams from allied nations to defend complex IT infrastructures against coordinated cyber attacks in real time.

Locked Shields is organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Nextron Systems supports participating teams.