Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges

  title={Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges},
  author={Valdemar {\vS}v{\'a}bensk{\'y} and Pavel {\vC}eleda and Jan Vykopal and Silvia Bris{\'a}kov{\'a}},
  journal={Comput. Secur.},
Capture the Flag challenges are a popular form of cybersecurity education, where students solve hands-on tasks in an informal, game-like setting. The tasks feature diverse assignments, such as exploiting websites, cracking passwords, and breaching unsecured networks. However, it is unclear how the skills practiced by these challenges match formal cybersecurity curricula defined by security experts. We explain the significance of Capture the Flag challenges in cybersecurity training and analyze… Expand

Figures and Tables from this paper

Avoidance of Cybersecurity Threats with the Deployment of a Web-Based Blockchain-Enabled Cybersecurity Awareness System
Modern information technology (IT) is well developed, and almost everyone uses the features of IT and services within the Internet. However, people are being affected due to cybersecurity threats.Expand
SherLOCKED: A Detective-themed Serious Game for Cyber Security Education
SherLOCKED is proposed, a new serious game created in the style of a 2D top-down puzzle adventure that is used to consolidate students’ knowledge of foundational security concepts and lends additional evidence to the use of serious games in supporting learning about cyber security. Expand
Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review
A systematic review of the literature on the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. Expand
Constructing Flow Graphs from Procedural Cybersecurity Texts
A large annotated procedural text dataset (CTFW) in the cybersecurity domain is built and it is proposed to identify relevant information from such texts and generate information flows between sentences to show the generalizability of both this task and the method. Expand
Synthesis of Deceptive Strategies in Reachability Games with Action Misperception
A dynamic hypergame model is introduced to capture the reachability game with evolving misperception of P2 and it is shown that DASW strategy is at least as powerful as Almost-Sure Winning (ASW) strategy in the game in which P1 does not account for P2's misperceptions. Expand


What Are Cybersecurity Education Papers About?: A Systematic Literature Review of SIGCSE and ITiCSE Conferences
It is discovered that the technical topic areas are evenly covered, and human aspects, such as privacy and social engineering, are present as well, and the interventions described in SIGCSE and ITiCSE papers predominantly focus on tertiary education in the USA. Expand
The Core Cyber-Defense Knowledge, Skills, and Abilities That Cybersecurity Students Should Learn in School
Overall, the data suggest that KSAs related to networks, vulnerabilities, programming, and interpersonal communication should be prioritized in cybersecurity curricula. Expand
Cybersecurity Curriculum Design: A Survey
An overview and comparison of existing curriculum design approaches for cybersecurity education is presented and a desideratum to provide a big picture of the overall efforts done so far in the direction of cybersecurity curriculum design is provided. Expand
Cybersecurity education: Evolution of the discipline and analysis of master programs
These latest guidelines are used to analyse and review 21 cybersecurity master programs, focusing on the contents of their courses, structure, admission requirements, duration, requirements for completion, and evolution. Expand
Class Capture-the-Flag Exercises
Class Capture-theFlag exercises (CCTFs) are proposed to revitalize cybersecurity education and are described how to design these exercises to be easy for teachers to conduct and grade, easy for students to prepare for and a lot of fun for everyone involved. Expand
Global perspectives on cybersecurity education for 2030: a case for a meta-discipline
This report starts from the premise that cybersecurity is a "meta-discipline" that is used as an aggregate label for a wide variety of similar disciplines, much in the same way that the terms "engineering" and "computing" are commonly used. Expand
An Offline Capture The Flag-Style Virtual Machine and an Assessment of Its Value for Cybersecurity Education
This paper reports on the use of a virtual machine (VM) framework that has been developed as part of cybersecurity courses offered to both second-year undergraduate and master's degree students in the School of Computer Science at the University of Birmingham; the framework features CTF-style challenges that must be solved in order to complete the courses’ formative assessment. Expand
Talking about Talking about Cybersecurity Games
The year 2015 marked the second USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE), and at the event, a community conversation about terminology for cybersecurity games invited the seed of a draft vocabulary report to be presented to the Cybersecurity Competition Federation for comment and possible adoption. Expand
Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education
This work identified the security issues that are the most concerning to industry and academia and enumerated the security tools and techniques that are used the most by players. Expand
Using Capture-the-Flag to Enhance the Effectiveness of Cybersecurity Education
Incorporating gamified simulations of cybersecurity breach scenarios in the form of Capture-The-Flag (CTF) sessions increases student engagement and leads to more well-developed skills. Furthermore,Expand