Today, in 2019, I see an increasing popularity of playing a Capture The Flag (CTF) by Cybersecurity students.
What are the advantages and disadvantages of playing CTF's in relation to developing the right skills for Cybersecurity students (Bachelors and Master degree)? Does it ad value to the cybersecurity skills gap? On what way it does or does not?
CTF definition from Wiki: en.wikipedia.org/w/index.php?title=Capture_the_flag#Computer_security
There are a lot of competitions online and offline. Just a few examples:
Online: ctftime.org, www.hackthebox.eu, picoctf.com
Offline: ecsc.eu (Europe), defcon.org (Americanas)
Example Curricula from ECSC: ecsc.eu/about/ecsccurricula.pdf/download
Good reads about the intersection of Cybersecurity and education (related to playing CTF's) are also welcome.
Other questions i have in mind: 1) How does playing CTF games ad an value to the quantitave and qualitative cybersecurity skills shortage worldwide? 2) Can playing CTF's be a (partial) replacement for Cybersecurity-education (under- and graduate level)? 3) The quality of a CTF strongly depends on the developer(s). Is there (some kind of) framework to measure the quality and levels of CTF's? 4) What is the future of CTF's? (Serious gaming/cybersecurity simulation environment/other) 5) How can we make CTF's more reality based / realistic? 6) The sooner students start with playing CTF's, the better?
Sources for CTF frameworks: https://github.com/cliffe/SecGen https://github.com/CTFd/CTFd https://github.com/easyctf/librectf https://github.com/facebook/fbctf https://github.com/Gallopsled/pwntools https://github.com/koromodako/mkctf https://github.com/legitbs/scorebot https://github.com/mcpa-stlouis/hack-the-arch https://github.com/moloch--/RootTheBox https://github.com/Nakiami/mellivora https://opencyberchallenge.net/ https://github.com/UnrealAkama/NightShade
Good reads: https://trailofbits.github.io/ctf/ https://github.com/s1gh/ctf-literature https://www.endgame.com/blog/technical-blog/how-get-started-ctf
https://doc.lagout.org/security /Packt.Kali.Linux.CTF.Blueprints.Jul.2014.ISBN.1783985984.pdf