Shell We Play A Game? CTF-as-a-service for Security Education

Abstract

Although we are facing a shortage of cybersecurity professionals, the shortage can be reduced by using technology to empower all security educators to efficiently and effectively educate the professionals of tomorrow. One powerful tool in some educators’ toolboxes are Capture the Flag (CTF) competitions. Although participants in all the different types of CTF competitions learn and grow their security skills, Attack/Defense CTF competitions offer a more engagingand interactive environment where participants learn both offensive and defensive skills, and, as a result, they develop their skills even faster. However, the substantial time and skills required to host a CTF, especially an Attack/Defense CTF, is a huge barrier for anyone wanting to organize one. Therefore, we created an on-demand Attack/Defense tool via an easy-to-use website that makes the creation of an Attack/Defense CTF as simple as clicking a few buttons. In this paper, we describe the design and implementation of our system, along with lessons learned from using the system to host a 24-hour 317 team Attack/Defense CTF.

Publication
In 2017 USENIX Workshop on Advances in Security Education (ASE 17)
Date

Cite it:

@inproceedings{trickel2017shell,
  title={Shell We Play A Game? CTF-as-a-service for Security Education},
  author={Trickel, Erik and Disperati, Francesco and Gustafson, Eric and Kalantari, Faezeh and Mabey, Mike and Tiwari, Naveen and Safaei, Yeganeh and Doup{\'e}, Adam and Vigna, Giovanni},
  booktitle={2017 $\{$USENIX$\}$ Workshop on Advances in Security Education ($\{$ASE$\}$ 17)},
  year={2017},
  organization={USENIX$\}$ Association$\}$}
}