CyberSword is a beginner-friendly online cybersecurity competition. Students will complete a series of fun challenges and gain hands-on experience with Python programming, SQL, and cybersecurity. Students will need a laptop or desktop machine with an updated browser and an internet connection.
Important
This repo uses git submodules.
Remember to clone with --recursive:
git clone git@github.com:nkcyber/cybersword.git --recursive
To get started with this project, install the CTFd CLI and run ctf init to initialize your project information.
See administration.md for more information.
This project uses the CTFd CLI for challenge management.
Check the documentation for more information about running this event.
Note that automatic challenge deployment is not available in the free version, which we're using.
As such, we have to take a more involved approach to challenge service deployment.
TO DO
- Important:
  - Fix bad user experience with AI lab
  - Modify installation script to support cgroups configuration
  - Write test suite to check that AI lab & code runner are set up correctly
- Services:
  - how to sync files and images in CTFd?
  - use nkcyber logo in index page and whatnot
  - create introduction page in CTFd explaining goals and how to submit flags.
- Create challenges:
  - 3D call to action - Barty needs your help!
  - Sensitive Data Exposure: API backend
  - API you can manipulate (access=false)
  - encryption method that's not an encryption method
  - IDOR
  - flag commented out in webpage
  - developer tools
  - Teach web exploits:
  - https://owasp.org/Top10/A01_2021-Broken_Access_Control/
  - Automatically incrementing IDs in URLs, allowing resource discovery
  - how to teach binary decompilation in a browser?
  - embed a flag in a JWT (easy to make!)
  - teach people that PDFs can phone home
  - how to teach buffer overflow in a browser?
  - how to teach timing attack in a browser?
  - use judge0 scripting environment
  - prerequisite: binary search in python
- Story:
  - this has been dropped for practical reasons.
  - We are writing an excuse plot
  - Where did Barty come from?
  - Key point: Because we did the "CyberShield" competition in the past. We're doing the CyberSword competition now.
  - What's the lore for the CyberSword
  - It's a sign of cybersecurity proficiency.
  - Why do we have to complete challenges to earn the cyber sword?
  - Things that the story should have:
  - I like the idea of a medieval knight not knowing anything about cybersecurity.
  - Therefore, the user has to support him in his efforts.
  - I like the idea of a medieval knight just wandering around Northern Kentucky.
State a clear goal in "bookends" for each subject:
- You don't have to know anything now
- When you're done, you'll either win or know what you don't know
See docs/timing.md.