Shell We Play A Game? CTF-as-a-service for Security Education


Erik Trickel, Arizona State University; Francesco Disperati and Eric Gustafson, University of California, Santa Barbara; Faezeh Kalantari, Michael Mabey, Naveen Tiwari, Yeganeh Safaei, and Adam Doupe, Arizona State University; Giovanni Vigna, University of California, Santa Barbara


Although we are facing a shortage of cybersecurity professionals, the shortage can be reduced by using technology to empower all security educators to efficiently and effectively educate the professionals of tomorrow. One powerful tool in some educators’ toolboxes are Capture the Flag (CTF) competitions. Although participants in all the different types of CTF competitions learn and grow their security skills, Attack/Defense CTF competitions offer a more engaging and interactive environment where participants learn both offensive and defensive skills, and, as a result, they develop their skills even faster. However, the substantial time and skills required to host a CTF, especially an Attack/Defense CTF, is a huge barrier for anyone wanting to organize one. Therefore, we created an on-demand Attack/Defense tool via an easy-to-use website that makes the creation of an Attack/Defense CTF as simple as clicking a few buttons. In this paper, we describe the design and implementation of our system, along with lessons learned from using the system to host a 24-hour 317 team Attack/Defense CTF.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {205237,
author = {Erik Trickel and Francesco Disperati and Eric Gustafson and Faezeh Kalantari and Mike Mabey and Naveen Tiwari and Yeganeh Safaei and Adam Doup{\'e} and Giovanni Vigna},
title = {Shell We Play A Game? {CTF-as-a-service} for Security Education},
booktitle = {2017 USENIX Workshop on Advances in Security Education (ASE 17)},
year = {2017},
address = {Vancouver, BC},
url = {},
publisher = {USENIX Association},
month = aug