Logo TIB AV-Portal Logo TIB AV-Portal

Hosting CTFs with Berlyne

Video in TIB AV-Portal: Hosting CTFs with Berlyne

Formal Metadata

Hosting CTFs with Berlyne
Problem based learning in IT security
Title of Series
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Berlyne is free software and lets you create problems, following the principles of problem based learning. Berlyne can be used to host authentic Capture The Flag competitions in your own infrastructure. This talk explains what problem based learning is (and why it works well in IT security education), how to use Berlyne and how to extend it with own problems.
Keywords Security

Related Material

The following resource is accompanying material for the video
Video is cited by the following resource
Freeware Arm Key (cryptography) Physical law Open source Motion capture Student's t-test Session Initiation Protocol Software Universe (mathematics) Video game Quicksort Information security Flag
Computer-generated imagery Motion capture Arrow of time Flag Motion capture Flag
Point (geometry) Software Multiplication sign Computer-generated imagery Arrow of time Flag Information security Field (computer science) Flag
Service (economics) Service (economics) Multiplication sign Computer-generated imagery Planning Self-organization Vulnerability (computing) Flag
Point (geometry) Trigonometry Service (economics) Service (economics) Water vapor Motion capture Revision control Type theory Type theory String (computer science) String (computer science) Game theory Endliche Modelltheorie Physical system Flag
Type theory Service (economics) Type theory Different (Kate Ryan album) Universe (mathematics) Flag Self-organization Motion capture Game theory Flag
Point (geometry) Type theory Multiplication sign Electronic program guide Topological vector space Bit Motion capture Element (mathematics) Flag
Point (geometry) Information Personal digital assistant Password Website Website Field (computer science) Flux Task (computing)
Pay television Email Pay television Direction (geometry) System administrator Perturbation theory Data management Personal digital assistant Website Endliche Modelltheorie Online chat Task (computing) Form (programming)
Scripting language Message passing Service (economics) Key (cryptography) Telecommunication Website Physical system
Category of being Goodness of fit Building Website Right angle Cryptography Computer forensics Category of being Task (computing) Form (programming) Task (computing) Physical system
Mobile Web
Point (geometry) Type theory State of matter Query language Combinational logic Flag Similarity (geometry) Student's t-test Cartesian coordinate system Wave packet
Dot product Universe (mathematics) Query language Student's t-test Cartesian coordinate system Mereology Theory Independence (probability theory)
Group action Process (computing) Information Real number Online help Group action Element (mathematics)
Logical constant Service (economics) Software Universe (mathematics) Feedback Database Moving average Student's t-test
Multiplication sign Graph (mathematics) Information security Smith chart Task (computing)
Universe (mathematics) Motion capture Flag Ranking Hacker (term) Smith chart
Boss Corporation Service (economics) Matching (graph theory) File format Computer-generated imagery Power (physics) Medical imaging Software Personal digital assistant Normal (geometry) Data conversion Right angle Hacker (term) Router (computing) Vulnerability (computing) Flag
Enterprise architecture Axiom of choice Software Multiplication sign Motion capture Content (media) Software framework Right angle Line (geometry) Cartesian coordinate system Information security Task (computing)
Computer icon Web application Service (economics) Demo (music) System programming Synchronization Computing platform Electronic visual display Game theory
Installation art Digital electronics File format Perspective (visual) Virtual reality Blog Computer configuration Hash function Active contour model Cuboid Lipschitz-Stetigkeit Descriptive statistics Service (economics) Data recovery Point (geometry) Mass Virtualization Category of being Root Vector space Remote procedure call Hacker (term) Alpha (investment) Task (computing) Point (geometry) Content management system Computer file Password Exploit (computer security) Electronic mailing list Student's t-test Thresholding (image processing) Firefox <Programm> Lattice (order) Inclusion map Computer forensics Game theory Tunis Task (computing) Data type Robot Multiplication Computer program State of matter Code Thresholding (image processing) Group action Personal digital assistant Password Computing platform First WORD Flag
Content management system Point (geometry) Password Exploit (computer security) Student's t-test Group action Firefox <Programm> Lattice (order) Befehlsprozessor Operator (mathematics) Password Hash function Active contour model Local ring Game theory
Link (knot theory) Information Point (geometry) Exploit (computer security) Firefox <Programm> Inclusion map Event horizon Ring (mathematics) Active contour model Object (grammar) Videoconferencing Simulation Game theory Flag
Web page Content management system Multiplication sign Point (geometry) Source code Binary code Exploit (computer security) Mass Firefox <Programm> Personal digital assistant Hash function Active contour model Game theory
Information Point (geometry) Exploit (computer security) Online help Student's t-test Firefox <Programm> Game theory
Scripting language Scripting language Slide rule Information View (database) File format Computer file File format Content (media) Physicalism Directory service Content (media) Mereology Number Repository (publishing) Configuration space Configuration space
Point (geometry) Scripting language Computer file Point (geometry) Demo (music) Directory service Content (media) Measurement Virtual reality Different (Kate Ryan album) Internet service provider Software testing Software testing Configuration space Distortion (mathematics) Point cloud
Point (geometry) Service (economics) Identifiability Link (knot theory) State of matter Content (media) Mereology Number Element (mathematics) Revision control Protein folding Term (mathematics) Computer configuration Descriptive statistics Exception handling Physical system Inheritance (object-oriented programming) Point (geometry) Line (geometry) Directory service Category of being Word Document management system Personal digital assistant Free variables and bound variables Hill differential equation Right angle Sinc function Spacetime
User interface Execution unit Installation art Content management system Venn diagram Computer program Color management Mass Electronic mailing list Solid geometry Number Blog Different (Kate Ryan album) Computer configuration Hash function Active contour model First WORD Game theory Task (computing) Physical system
Revision control Scripting language Service (economics) Personal digital assistant Configuration space Content (media) Mereology Metadata Computer programming Theory Disk read-and-write head Exception handling
Installation art Content management system File format Exploit (computer security) Electronic mailing list Lattice (order) Firefox <Programm> Virtual reality Blog Hash function Active contour model Computer forensics Game theory Task (computing) Data type Robot Point (geometry) Computer program State of matter Mass Group action Number First WORD Convex hull Task (computing) Flag
Web page Content management system Exploit (computer security) Electronic mailing list Rule of inference Firefox <Programm> Virtual reality Blog Hash function Active contour model Flag Website Game theory Descriptive statistics Task (computing) Data type Scalable Coherent Interface Robot Point (geometry) State of matter Internet service provider Number Order (biology) First WORD Abelian category Task (computing) Flag Address space
Point (geometry) Email Service (economics) Vulnerability (computing) Line (geometry) Feedback Reflection (mathematics) Point (geometry) Demo (music) Exploit (computer security) Firefox <Programm> Wiki Writing Number Active contour model Game theory Task (computing) Flag
Email Perfect group Service (economics) Open source Multiplication sign Patch (Unix) Motion capture Thresholding (image processing) Event horizon Element (mathematics) Wave packet Wiki Roundness (object) Repository (publishing) Flag Software testing Physical system Vulnerability (computing) Task (computing) Injektivität Standard deviation Scaling (geometry) Digitizing Electronic mailing list Bit Line (geometry) Library catalog Category of being Process (computing) Software Repository (publishing) Universe (mathematics) Speech synthesis Website Self-organization Codec Quicksort
things are showing up to my talk on CDs with per were relying as a tool I've written for exactly this purpose on 1st of all about me my name is strong and sort of I am currently in info sec master students here at this university uh and a written apology on really not fit to the so it runs it's law from that of the MRF to take a sip of my tea please excuse me no on the most students here and I currently live and bond so what is this talk about it the the last 3 semesters I was tutor for software security at the University of and there was spiced up our lecture with CTS and I want to pass on some of the experience with made and talk about the to life written to the closer to the other arm so talk has 3 segments 1st of all we will talk about 1 of the key of actually used and I'm gonna talk about the principles of problem-based learning the which is so important in my opinion and it's metals show the actual
tool the stock is mainly about market precision given a razor and who knows what commercial flight means OK a lot of everyone tell k minus on summary of priest Introduction and this is the capture the flag competition
I as you can see of
the Red team here is trying to steal flat and the creating this trying to prevent the red team to steal the slack the point of field that looks somewhat like this it's time as a base the base contains a flag and the
other team's goal is to you get the flak and bring to the only the there would be a single point so both teams have to defend their own flag while trying to steal the flight from the other team or other teams so this talk is about software security or IT security in general because those that have to do with the key security all they're playing basically the
same thing these are are 2 teams 1 in the back and front planes the CTF and what goes on basically each gene
also vulnerable services the the services are usually provided by the organizers of the CDF but also by the teams participating and the role of this the minister still flat all of the other team by using the vulnerability in the service while at the same time defending their own flight by patching the answers once they got a flat they submitted
to the system model score water and received the points in the version of the game the reflective consist of cotton and usually just character strings the weighted because it's not exploited service to get more points than for market so on must link there mainly 2 types of city play plates from the first one is that detected defense of its this exactly which just show you
where the goal is to still the
flag the posted in the service of the other team these are the the difficult almost especially for large set up so for these they're usually played at conferences or locally at universities or something like that and the
2nd type is the Jeopardy suggest men that after the game show the where the organizer roles services and the role for every is just to exploit the service hosted by the organizers to like their but Jeopardy has some big advantages for some of that the as time critical as a real-time isn't that defense 11 attack difference for 8 hours and the
2 pay full attention for these for this time whereas in jeopardy there's a really a real-time elements of it can the last for us they or even longer and teams can just work in their own pace which is good for educational purposes and here toward so since a lot of
you know what city of are this is a typical score worked as you imagine a ranking with points know a bit more interesting
this as an example task that picked up because I like that and from the echo Japanese-style city that is organized by the flux fingers to the city of the most the only visited often which is nearby and this is a typical task is and this case a website and 1 field where you can interact with the website where you can to some so this this your starting point you have done of background information
just at this website in an example for
more complex task it from the same city of actually there was used the the
model that he owes Wild Wild West and this dating site hot coals and and has a lot of in direction there's a chat that actually works because replied on begin at premium accounted can yeah user management you can even write the administrator and e-mail and player form and that's also a problem you don't know where to start but you need to get a flight In this case here to contact the administrator use cross its scripting only here had some form of it just doesn't
always have to be useful for service or website on here there are 2 only cares about are the keys and of course in your lecture you learn OK short he's a bad but once you dizygotic communication here once you
actually wrote a script that the crew the are saying cryptic messages the neural understood how the system works and why it is bad and the short keys yeah the
last thing you need to know a lot of teams after this solved a particular challenge the writer right up how they
solve this challenge and publish it often which is good form of documentation for them but also for others who weren't able to solve the task no difficult categories
knowledge and coat almost everything difficulties reversing Norway crypto but you see everything city knowledge from simple websites to all operating systems but it exploits
so if you know the mobility I hope this was brief introduction there's so what's called city of 10 or that led a lot of the year so if you're interested check it out there is currently a CDF posted online almost every week just recall so secondly this target of all
postings CDF with Purloined notable the participating not a lot of
institutions especially interesting he was capture the flag competitions which is really cool but also in there'd intermarriage not that also helps students which clear to segment of problem-based learning which are very basic principles that you should follow if you also the states here the
European DVL there's that the starting point should be a possible a reliquary and of course you can argue that this type of learning has been around forever but the problem learning how I I'm going to talk about it is formal find 1 so there's been a lot of research about that it works very well in combination with lectures not as a replacement of together with the lecture and works really well too a similar fragmented knowledge into applicable skills so if you have a lecture or training a company or
university the teachers furious promise learning is great to MIT students understand the and connect the dots and it applicable skills of theory the gold star to promote problem solving independent learning also to evaluate independent learning and last not
only not least also the motivation parts so the desire of the 4 basic
points if you'll see the official take into consideration very basic very and if you follow them you have good outcome so first one is often the problem something of violated and but has Mr. problem should be as close to real world problems possible and also that there should be no all the detailed background information on the problem itself secondly you work in small groups 3rd the teacher steps back is the tutor he doesn't help with any problems he might moderate the learning process but the demolition help and the individual knowledge gained it comes naturally that just means if you work in a group you can
discuss with people but everybody should the research on their own and then discuss with the others but I said if you positive and smaller groups that usually comes naturally so we also suggest
uh that conference which is the university in constant database rolls into consideration the to spice up here the software secure to lecture afterward 3 the feedback from the participants got it all
over 30 students I think 31 mainly IT students but also with some from electrical engineering and of course really the service for the feedback what the question was did you
have fun and the city of was obligatory so people to participate of but still most of them said that they had found worthless the little too much but even more interesting was
this question that you learn something new on these graphs look added to it but these are from the actual that I they you learn something new and everybody said yes which is interesting because the tasks of the were matched to the topics starts in the so more security lecture in the city of course at the end of the lecture however there was really cool to see distant best a lot of time what they what usually do with a worksheet and so that infants learn something on why included this PBL as set a lot of
institutions are because up on this idea of capture the flag competitions which is called the sometimes they don't take
problem-based learning or other learning methods into consideration I include an example for this here um but even the ranking that which is used by some universities and it's company that polls capture the flag competitions how can
over there she sold does give to ride write up and submit it and then it right up this in this case you get the image of Ferrara and
his boss run at the software service running with the vulnerability and how I solved it was just Dunlap image converted to 0 format you can use of it Mount the match Grant for flak and I received a letter which this the norms you get this would be a valid solution because I got the but in this case the right up actually get exist assessed so I can't exploit the service is I I have to specifically exploit the power the creators 1 of the to exploit and that of course is not authentic it's an hour problems and
moderate it's frustrating so those really frustrating task on so there was an introduction to suggest and prone I'll talk about the tool I've written to host capture reflects the IBM University it is also used by you the company in Cologne which is also sponsor at this conference have destroying I've run us free software and it's a tool to work with it's not your enterprise tool to just use you're supposed to work with its so 1st of all I would use between all suggest what you all the peer there are so many online but the city of online the right heavily in difficulty and quality and if you have a lecture or costs you might not want to depend on a city if you don't know what is what is going to be about that might not match the content and also on time as often during the weekend so I leave Berlato's your insidious whenever you want with the topics you the so because of line basically
brings it gives to the classroom make it easier to spice up your lecture your course in software IT security with a city of and make it very easy to set up of with the 2nd it's written in general which is a python framework just because I'm the very lazy and Jameson extremely cool framework that allows you to right applications in time OK so I'm
going to show tool which is why most people temporal the
thank you thank you can solve its have the I have to browse open
it's a web application the I just from them this where work petition on the krone 1 is a teacher teachers None
Firefox 1 here is students so of students you just have to different cost of and a course is essentially of the city of I mean In this dream multi threshold a certain amount of points the past a kind of like Texan and the beginning in the deadline for flight submission and the short description the and the rest is just your usual circuit of problems here you have reflects submission and you have a all spent hear somebody already and there's some points there right because them reached a threshold can so the few in this 1st in just normal suggest Martin to the to just
perfect perspective and here you have an additional 10 about problems on so often look into them these are 2 different problems of primitive installed all of this and local installation you can see where all the items that the more later consider the deployment options are different have Jonas that only downloadable but also Dr. some run in virtual box down all yeah I'll show that to you in a 2nd the future create a problem and of course I sure all to create problems and the 2nd I choose another 1 score or maybe something to wandering I can save the since have to submit right up with the solution the start deadline I can set a password and threshold and then I can assign problems to the course so non this case and they have passed on names and the categories so on the 1 to what challenge medicine through remote file inclusion all that the maybe some preference but you know 1 of which the I was on now I can assign points these are the points that problem creator 1 for the task alright and for the course no across the street and so FIL vector that problems pages system now starts to problems that that newly assigned so this can be seen as like high-level significant the problems that are in the course running the Province they're not using a causation down OK so a got to those tunes perspective
the operational costs and enjoyment it was found a password and Mr. my costs of and was in the meantime now because local insolation there only
there's only 1 worker that's lots of students he was 1 worker per CPU and a real deployment and so this is not the
Commission here this of or problems so city of I can watch a a brief description and and the status quo
have you and that's a problem that None of the crown information just need to the not
and the object so the
time so the other 1 was historically
sources started I have here can the lot of binary and it's this is
not a web page it's and it doesn't have to trust this case just
sneak and again that's without background information it's just a problem but you have to solve market
so the teacher can just assign problems problems create courses and for students reference together it's just a help for teachers for institutions to set up really fast from so these problems
I was talking about obviously there great portraits if you want to write your own problems that consist of only 3 parts a config file format information the set up for provisioning script and the convent director with the actual content all of the problem so can
exchange numbers all use physical dip repositories for whatever the before and you
can this deploy them I to talking they which reported this lotion where's the which recommends using darker only for testing because it doesn't offer isolationist really and and distortion is the top provider which is handy because then the probability that deployed locally but it spins up droplet and in the cloud and for your doesn't make a difference in the and then and other problem difficult is a measurement points for me I do for and between 1 and 5 and points I can this talk you like to solve problems I
don't from you just copy it to the problem fold problems folder osha per line and since In this case these are 2 problems
I was the problem lecture number although I just copy it there and use that and so on and stole the
truth annotations here consists of 4 elements to read is just a bonus and so you know what respond the conflict Jason is the mid identifier we're not if the points obviously the ports the VM users because the DMS not just put out in the while you while you have to specify the port services using and then the purloined system the that's support forward and in this case the service supports at 6 6 6 and that will get the sender and the port later on this category text forward search option because that's right downloads from the content directory that should be it should be able to download and name and the description which uses this these placeholders so here for example that the men will be replaced by Donald link for the standard yeah the of the host part no space or there will be replaced but also so the words considered to plot parents the port the support I spend specified earlier you can use that because as I said there will be random porn support assigned it as a port forwarding to the the term sport in states except except OK so I can number in this case let's say I
want to to my course the on science of put it in the problems fall there I can just while the web interface and solid for 2 different deployment options no and the system world stalwart the can take a 2nd Nelson's it creates the gamut provisions to be an through the
stomach and show you the the problem I
showed you the conflict of metadata the
constant is just a normal direct In this case with the program and configuration for except that the and the 3rd part was set up which is just a script that and insults needed services for the problem here it's just a vested with you and your especially nauseous profits were theories installed the
problem I will at the problem not to a cost to the host of the q number but
yeah and it just makes it very easy for teachers to these kinds of stuff no idea starts of the end the so you see
the tasks not starting and as the task strictly running to stop the again yeah
that's I can show you at
which the rule there are I submit flak I mean it's also interesting that task
this is a teacher at page 4 a problem with his teacher which a port forwarding that was used the description and the flag flexed created automatically they're not always the same the on the created 1st order
scenario of the task consider reflect and and cost and they can rest party to treat and I received points so this Cynthia just maybe forward
in so it was it don't I obviously in developed the tool I up you think it's useful if you have any questions or a few have trouble setting up there is actually a wiki page describing everything but stonechat write i'm glad to to help the mn and the
the on customs you get it and the this on there there's not really a marketplace for problems but so far the wiki page listing problems available 1 and that's also 1 of the reasons why I want to put this to all out because if somebody creates problems or and you can also just use open source software that as normal a abilities include for example then it through fear as you tell me so I can add to the list so far is marketplace because they're not there's not that hidden huge amount of problems but there's a wikipage uh also undertook of them and that's related to food and you just most aftermarket repositories just from the repository got it and then you have to get but if it grows and if there are more problems there will be marked Morris catalog of of hi and digital M. are where of for and of other people organizations using it already and how many my university where my the 173 semesters of what they do they have worksheets during the semester and the and this is kind of like a final alone so you a certain threshold which is not too high and a lot of tasks so you need to know solve 3 tasks that the the and where from the category that was thought in the lecture and also come this the 1st time I speak publicly about the tool but the company in the loan is set for training of the penetration testers the company called that it's an internship there and not only 1 and and the so far everybody we use that like that but the only my university and this company works the just but they like to call in any more questions a rather uh generic question in regards to this capture the flag is I think the idea is very very good and and you see appliances well this is very soft or something I believe I where I was taken out into the 1 existing services so that people had to sit there and solve problems like getting a so up and running in the real world and would do this and that stuff and it's 1 of the main critics of the methods that and especially if you jeopardy style where you don't even have to fix the problems you've exploited just have to prove that you interested in and it's interesting problem and we have experimented with it at universities but note that I haven't seen large setups where you have to patches system or I get a system running just think what bureaucratic but it's difficult to organize so so maybe the yeah maybe someone can come up with my solution for that especially that scales to get here at the university it's easy but if you that's a online with hundreds of participants it's not easy to organize so I haven't seen a large said that this that unfortunately although I have things and the question of how long does it take you to sort of a challenge maybe I missed that in a speech but what's the main the marks will you've experienced to creating challenge because that I think that's the essence of the so that's what this is the 1 of the reasons why i in that had to stop now because I think it's a bit of a crowdsourcing tasks but there are a lot of existing CDF because a lot of organizing their elements you give afterwards but the tasks in on the job or something like that so we can use them you can also use existing software that as vulnerabilities for example but making you need to ask is not that difficult so you can set up a website that has a as can injection vulnerability or something uh usually doesn't take so much effort so current events and the standards of it's not much of an effort to write tasks but to write really really good just to I take it to perfection this is almost or art uh as I said the city of tasks that were somebody and actually wrote operating system of as but the basic task as a shortened here I it took me maybe a couple of hours if you make it through a small and less once you've done 1 the kind of the end of it so if you write your own problems you per problems may a couple of hours or if you use an existing problem just alignment 4 per line that's very using this adjustment history files them so it's not a lot but if you want to perfection in its they slow and the and and so thank you and maybe another round of applause