When I started learning infosec in college, I realized how different labs can be depending on how the teacher/course maker made the labs. I ended up breaking down styles into a few categories:
- Complete command-by-command instructions with explanations of each command
- Command-by-command instructions with no explanations
- Instructions on the order of tasks and which tools to use, but having to figure out how to use that tool on your own
- Instructions on the order of tasks and being given a repository of tools to use
Each method gives different advantages and disadvantages. I prefer the last option, because I think it forces the student to research and learn about the tools. Additionally, any of these can and should be supplemented with questions along the way and at the end to draw conclusions. Anyone can regurgitate information, but these questions are designed to force the student to think about what they did and how they did it. That understanding is pivotal to creating prepared infosec professionals as we are expected to be able to figure stuff out on our own.
One of the projects that I have worked on off and on for a long while is the CTF Wiki. The project started as me trying to think of something I could do to give back to the community, specifically a visible resource; however, at the time, I wasn’t very knowledgeable. Although I am not in love with just living for documentation, I found that CTFs did not show differences between them or have any more documentation than a basic repository of solved challenges, assuming you found that. As I started to document the essence of each challenge (categories of skills, timing, hints, format of the challenge, and so on), I also started documenting the tools and use cases. Due to lack of time, I haven’t had time to update the CTF Wiki in a long time, which frustrates me greatly.
Recently, I was asked to help mentor an awesome person who has decided that, as she learns more about infosec, she will help me transition the site to its new home and format and help add information. Anyone else who is willing to help in this effort, please send me an email. My email is ( Forgotten
Just recently, a student from my college asked me to be his mentor. It amuses me how much I offered to help and basically no students took me up on it; however, two people have now come to me, which is awesome. Regardless, I got him working on a slightly different project that became the subject for this post. The CTF Wiki became more than just CTF info when I started to incorporate the tools and ideas needed to work on these challenges. When I was in college learning, I tried to get students to work with me to play various CTFs and realized we had to start off with really easy challenges to get people having fun and thinking. Some struggled to go beyond basic classwork and get into infosec challenges. At the time, the labs the school had were mostly my least favorite type of lab, which is basically step-by-step commands with few to no questions forcing students to think. Regardless, I plan on folding an infosec lab repository into the CTF Wiki for learning. If you have labs you are willing to share, there will be a section on the CTF Wiki explicitly for that. My goal is to have myself and others working to improve labs to teach various portions of infosec. Crowd-sourced labs will provide the community with better resources for both students and instructors, and allow students who aren’t paying for a formal education to receive quality training for free, similar to the idea of Coursera, but open to anyone to use or improve. The new site is not yet ready for launching, but I expect it to be ready in the coming months, and I am really excited to have a few labs posted by launch. If you have labs that you want to share now, please let me know.