Demand for skilled cybersecurity professionals will continue to outstrip supply for several years. Closing that skills gap requires building a pipeline for training students and professionals. Yet few high schools and colleges have the resources to mentor those interested in computer security.
Capture the flag (CTF) events are the perfect platform for future security practitioners to synthesize and apply offensive maneuvers and learn to think like attackers. These competitions challenge participants to exercise skills across the spectrum of computer security, from exploit creation and vulnerability discovery to forensics.
Despite this potential, the expertise needed to create and train CTF teams is also in short supply.
That’s why we created the CTF Field Guide. It helps students to develop the skills to compete and succeed in these competitions, supplements their existing coursework in computer security and provides readers guidance to form CTF teams.
The guide consolidates some of the best cybersecurity teaching available: elements of Dan Guido’s classes taught at NYU Tandon School of Engineering, material Trail of Bits developed in collaboration with DARPA Cyber Stakes to train military academy students, and reference material from leading security researchers around the world. GitHub houses the guide, so users can improve the material over time. While courses on similar topics have been offered elsewhere online, the CTF Field Guide is the first end-to-end training guide for CTF competitions, and the first to allow ongoing collaboration and updates based on real-world attack trends.