CTF
Objectives
In this project, you will be introduced to cybersecurity capture the flag (CTF) competition-style challenges. This will become a valuable tool to gain experience with ethical hacking after this course. In these CTF challenges, you will be able to leverage all the vulnerabilities and attack vectors learned throughout the course.
Background
Capture the flag (CTF) competitions are the premier method for building and demonstrating skills with software security. In general, there are two types of CTF competitions:
- Jeopardy-style competitions. These competitions involve participants solving self-contained challenge problems. These problems usually revolve around identifying a security flaw in the provided software, website, service, or data. Leveraging this flaw, participants will cause a security breach that provides them with a flag (usually a simple string). These flags are submitted to the CTF competition and participants are awarded points based on the difficulty of the challenge. The winner of the competition is the user or team who accumulates the largest number of points. These challenges are often grouped into categories and presented on a board similar to the game of Jeopardy (hence the name).
- Attack and defend competitions. In these competitions, each team is provided with one or more software services that manage the team’s flags. The goal of the competition is to break into other teams’ services to steal their flags, while properly hardening your team’s services to avoid compromise. Points are awarded for (i) the uptime and correct operation of your team’s services and (ii) the flags you stole from other teams. Points are deducted for the flags stolen from your services. The winner of the competition is the user or team who accumulates the largest number of points.
In this project, you are going to get experience with the challenges found in a Jeopardy-style competition. Unfortunately, no appropriate CTF is running at this time. Instead, we will be completing challenges from past picoCTF competitions. picoCTF competitions are run by Carnegie Mellon University (CMU) and are aimed at students. Past competition challenges have been collected into their picoGym and this is where we will be completing challenges.
Requirements
First, you must sign up for a picoCTF account and join our classroom:
- Visit https://play.picoctf.org/login.
- Sign up for an account. For FERPA compliance, you should pick a username that won’t reveal who you are to other students. Don’t use your netId.
- Visit https://play.picoctf.org/classrooms.
- Click “Join a Classroom” and use the following code to join our classroom: CL5v2ZfgH
You are now free to complete whatever challenges you want.
You must not look up solutions for any of the challenges! If you are caught doing so, you will automatically receive a 0 on this project. picoGym has built-in functionality that will detect and report cheating.
Grading Rubric
To complete this project, you must accumulate 2000 points. Up to 1000 points can be used for extra credit.
We have removed all rules about categories for points.
Make sure you have registered for our classroom on picoCTF’s website, otherwise the TAs will not be able to check your points and you will receive no credit for this exam.
Submission
When you have completed this project, you will enter your username and the number of points you believe you should receive on Canvas.