Photo by Luis Desiro on Unsplash

Real-World Attack Challenges

Capture the Flag

Article from ADMIN 91/2026
By
The open source CTFd platform hosts engaging, curriculum-integrated, cybersecurity capture-the-flag events in the classroom.

One of the biggest hurdles when transitioning from tech to teaching is crafting an engaging curriculum rooted in real-world skills. Talking through the dangers of cross-site scripting (XSS) or giving a lecture on vulnerable hashing algorithms is not enough. You want your students to discover and experience it all firsthand, directly through the lens of an attacker.

As a 15-year industry veteran, I have always been a fan of the capture-the-flag (CTF) format, not only for learning new cybersecurity and computing concepts, but also for exercising critical thinking skills in a way that can be difficult to achieve in a classroom environment. Tech professionals can bring a ton of experience into the job, but an effective platform for intentionally teaching these skills from an industry-informed perspective is often lacking.

Public CTF platforms and cyber gyms (e.g., picoCTF and TryHackMe), as well as many public CTF competitions specifically for high school students (e.g., National Cyber League and Lockheed Martin's CYBERQUEST), are excellent for curriculum supplementation, but they lack control and targeted curriculum integration, which is where my platform of choice comes in.

CTFd

CTFd [1] is a free, open source platform for hosting your own capture-the-flag events. Although hosted and enterprise options are available, the self-hosted version is an excellent starting point for powering your own capture-the-flag-like challenges both in and out of the classroom.

With a well-documented API, along with support for bulk challenges, user management, and leaderboards, CTFd is the perfect solution for creating not only a curriculum-dependent library of challenges but also scriptable, custom functionality, such as the integration of challenges with GitHub Classroom (a platform deserving of its own article) and even

...