Shell we play A game? CTF-as-a-service for security education

Erik Trickel, Francesco Disperati, Eric Gustafson, Faezeh Kalantari, Mike Mabey, Naveen Tiwari, Yeganeh Safaei, Adam Doupé, Giovanni Vigna

Research output: Contribution to conferencePaperpeer-review

17 Scopus citations

Abstract

Although we are facing a shortage of cybersecurity professionals, the shortage can be reduced by using technology to empower all security educators to efficiently and effectively educate the professionals of tomorrow. One powerful tool in some educators’ toolboxes are Capture the Flag (CTF) competitions. Although participants in all the different types of CTF competitions learn and grow their security skills, Attack/Defense CTF competitions offer a more engaging and interactive environment where participants learn both offensive and defensive skills, and, as a result, they develop their skills even faster. However, the substantial time and skills required to host a CTF, especially an Attack/Defense CTF, is a huge barrier for anyone wanting to organize one. Therefore, we created an on-demand Attack/Defense tool via an easy-to-use website that makes the creation of an Attack/Defense CTF as simple as clicking a few buttons. In this paper, we describe the design and implementation of our system, along with lessons learned from using the system to host a 24-hour 317 team Attack/Defense CTF.

Original languageEnglish (US)
StatePublished - 2017
Event2017 USENIX Workshop on Advances in Security Education, ASE 2017, co-located with USENIX Security 2017 - Vancouver, Canada
Duration: Aug 15 2017 → …

Conference

Conference2017 USENIX Workshop on Advances in Security Education, ASE 2017, co-located with USENIX Security 2017
Country/TerritoryCanada
CityVancouver
Period8/15/17 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Shell we play A game? CTF-as-a-service for security education'. Together they form a unique fingerprint.

Cite this