A Warm Up for Capture the Flag

I have been using Capture the Flags (CTFs) in my classrooms since 2013 and been training teachers in their use since 2017. While I wholeheartedly appreciate the staggering amount of work picoCTF and Carnegie Mellon do and did, I always felt that there was a learning curve issue they were having difficulty meeting. At the same time, I have seen other CTFs come and go and, invariably, they seem to be not as interested in the learning curve as I am.

Don’t know what a CTF is? I wrote this many years ago and it is out of date, but it will get you up to speed. I’ll also be updating it extensively once I get the CTF of my dreams built:

http://code.ceos.io/ctf-teacher-guide-draft.pdf

So, long story short, I am embarking on an ambitious task to create a truly beginner friendly CTF that even the most inexperienced CS teacher can feel safe in using in their classroom. At the same time, I hope it will double as an entry way for teachers who aren’t ready to expose their students to a CTF and want to learn enough to be comfortable using them in their classrooms. Here is the list of warm up topics currently up:

Hello World – Literally here is the flag, put the flag in

Go To Considered Harmful – Basic search engine research

Ask and Ye Shall Receive – Hex to ASCII

BaseBall – Convert binary, octal, and hexadecimal to decimal

K&R – More basic search engine research

Extensions Lie – Teach that you pretty much have to ignore the three letter extension at the end of the file

SuperBase – Base64 encoding

grep is Your Kinsman – grep fun

Et Tu Brutus – Caesar Cipher

Show Me the… Source? – Learning how to show source in your browser

Hello Zip – Decompressing zip files

Zip Line – File magic numbers and hex editors

Use the Telnet Force – telnet

A Sticky Situation – UNIX/Linux tar fun

Net Kitty – nc (netcat)

You Shall Not Pass – Web browser cookies

A key feature is that these problems are not designed to be tricky, but rather to give students (and teachers) a baseline to do more complicated CTFs. The problems are entirely designed to teach a specific CTF topic, rather than confuse students, and additionally direct them to resources they need to solve these (and more complicated) problems. I’m also big into teaching computer history, so you can will see I have snuck some of that into the problems, as well.

I have tried to make it as platform agnostic as possible, by avoiding some of the more CLI based fundamentals (at least for the warm up). I am trying to remain as iPad and ChromeBook friendly as possible.

Long story short, I am pleased to announce that the warm up questions are available to both teachers and students alike at:

https://warmup.ctfd.io

Inspired by: picoCTF
Made possible by: ctfd.io

Leave a comment