Virginia Tech® home

2022: Challenge development by students

Developing Capture the Flags and competition exercises

Developing Capture the Flags (CTFs) and other competition exercises

A Commonwealth Cyber Initiative SWVA node funded initiative

Collaborators: Radford University, Southwest Virginia Community College, Lord Fairfax Community College and Germanna Community College

1.0  Goal

Develop cyber security hands-on exercises that will help undergraduate/graduates prepare to compete in cyber defense contests.

2.0  Overview

Do you enjoy competing in CTF or cyber defense contests? Now, you have the chance to contribute by developing your own exercises/challenges/problems to help prepare for such contests.

Proposals to develop original cyber defense contest exercises are being solicited from teams of 1 or more undergraduate and/or graduate students majoring in Cybersecurity/Computer Science/Information Technology or related fields from community colleges and 4 year universities that are part of one of the nodes of the CCI. A cyber defense contest exercise can be in any one or more of the following categories:

  • A series of capture the flag (CTF) type of challenges in areas such as (but not limited to) operating system usage (Linux, Windows), networking (e.g., packet inspection, port monitoring, installation of network services), steganography, cryptography and reverse engineering.
  • A cyber defense exercise such as (but not limited to) those involving setting up/managing/configuring cyber tools such as firewalls (both software and hardware), intrusion detection systems and network services (e.g., secure authentication) and scanning and enumeration tools,
  • A cyber offense exercises involving creating vulnerable programs or using existing vulnerable programs that work on general OSes such as Windows and Linux and standard networking equipment.
  • Anything else that we may have missed? Feel free to contact us.

The exercises must be able to run on generic operating systems or on easily available devices such as Raspberry Pi or CISCO firewalls.

These exercises will be disseminated either through the Virginia Cyber Range or the Radford University cyber range for students in colleges that are part of the CCI nodes to practice with in preparation for cybersecurity contests such as the VMI Cyber Fusion, Mid Atlantic CCDC, Cyber Force etc.

Proposals can request access to virtual remote servers to build exercises.

3.0  Eligibility

Any team of undergraduate or graduate students from any 2Y or 4Y college that is a member of one of the Commonwealth Cyber Initiative (CCI) nodes is eligible to participate.There is no limit on the number of proposals per individual.

4.0  Limit of budget on the proposal

$1500 per proposal.

Students can submit any number of proposals. Funding is based on the number of person hours that a team will put on the project. Each person-hour of effort will be funded at $15. For instance, if a team of 4 students estimates that the project will take 10 hours to build, the number of person hours is 4 * 10 (i.e., each team member is putting in 10 hours).  The estimate of the number of person hours is limited to 100 total hours. If a proposed exercise exceeds 100 hours, the team may split the project into multiple proposals. Each proposal will be evaluated for merit individually.

5.0 Deadlines/timelines:

Proposals can be submitted at any time and will be reviewed within 15 days of submission. Proposals can be submitted to puppuluri@radford.edu

Deadline for proposal submission:  September 30, 2022.

Notification of accepted proposals:  October 7, 2022

Timeline for exercise development: October 15, 2022 - January 13, 2023

6.0  Deliverables

  1. The fully completed exercises, installed on either the Virginia Cyber Range or Radford University’s range. Technical help will be provided to transfer the exercises to the ranges.
  2. A one-hour online zoom meeting for tech-transfer of the exercise.

7.0  Licenses

  1. All exercises must use technology that is either open source or can be used for teaching purposes. The grant will not bear the cost of any license.
  2. All exercises will be released using the Creative Commons ShareAlike License 4.0.

8.0. Contact information

Questions? Please contact: Prem Uppuluri (puppuluri@radford.edu)

9.0 Proposal format

Title:

Exercise developers (please add additional rows, one for each developer involved in the team):

Name

College Name

Email

Undergraduate/Graduate/ Faculty (U or G or F)

 

 

 

 

 

 

 

 

Name/signature of a faculty member:
[This is required to attest to the student status as a full or part time student at the college]:

Type of exercise being developed (select one by highlighting): CTF/Cyber Defense (non-CTF)/Cyber Offense (non-CTF)

Level of the exercise (select one by highlighting): beginner/advanced

Estimated budget

Project description (Limit to 700 words in Times New Roman 11 or Arial 10 font (the limit doesn’t include illustrations)): the description should have enough detail for the reviewers to determine if this is appropriate at the college level and is competitive.

Timeline: Project must be completed within 3 months. State how you plan to use that time.

Level of expertise of developers (Up to 200 words of description for each developer or alternatively either attach a 1 page resume or provide a LinkedIn link). Highlight aspects such as CS/IT/IS/cyber courses taken and any experiential learning experience (e.g., internships, apprenticeships, hands- on projects):