Shell We Play A Game? CTF-as-a-service for Security Education
نویسندگان
چکیده
Although we are facing a shortage of cybersecurity professionals, the shortage can be reduced by using technology to empower all security educators to efficiently and effectively educate the professionals of tomorrow. One powerful tool in some educators’ toolboxes are Capture the Flag (CTF) competitions. Although participants in all the different types of CTF competitions learn and grow their security skills, Attack/Defense CTF competitions offer a more engaging and interactive environment where participants learn both offensive and defensive skills, and, as a result, they develop their skills even faster. However, the substantial time and skills required to host a CTF, especially an Attack/Defense CTF, is a huge barrier for anyone wanting to organize one. Therefore, we created an on-demand Attack/Defense tool via an easy-to-use website that makes the creation of an Attack/Defense CTF as simple as clicking a few buttons. In this paper, we describe the design and implementation of our system, along with lessons learned from using the system to host a 24-hour 317 team Attack/Defense CTF.
منابع مشابه
Experiences In Cyber Security Education : The MIT
Many popular and well-established cyber security Capture the Flag (CTF) exercises are held each year in a variety of settings, including universities and semi-professional security conferences. CTF formats also vary greatly, ranging from linear puzzle-like challenges to team-based offensive and defensive free-for-all hacking competitions. While these events are exciting and important as contest...
متن کاملGamifying Education and Research on ICS Security: Design, Implementation and Results of S3
In this work, we consider challenges relating to security for Industrial Control Systems (ICS) in the context of ICS security education and research targeted both to academia and industry. We propose to address those challenges through gamified attack training and countermeasure evaluation. We tested our proposed ICS security gamification idea in the context of the (to the best of our knowledge...
متن کاملExperiences In Cyber Security Education :
Many popular and well-established cyber security Capture the Flag (CTF) exercises are held each year in a variety of settings, including universities and semi-professional security conferences. CTF formats also vary greatly, ranging from linear puzzle-like challenges to team-based offensive and defensive free-for-all hacking competitions. While these events are exciting and important as contest...
متن کاملLive Lesson: Lowering the Barriers to Capture The Flag Administration and Participation
Capture The Flag (CTF) competitions have a rich history of incredibly technical individuals providing information security resources for each other. CTFs have been used by the information security community for education and assessment for over a decade. They’re widely regarded as an excellent introduction to the information security industry given their competitive aspect, team building nature...
متن کاملDefcon Capture the Flag: Defending Vulnerable Code from Intense Attack
Defcon’s Capture the Flag (CtF) game is the largest open computer security hacking game. This year’s CtF hat rules that made it particularly difficult to be a successful defender. We entered an Immunix server, comprised of five years of IA&S, OASIS, FTN, and CHATS technologies, to see whether this system could survive sustained attack from determined experts. We describe our experience survivin...
متن کامل