Abstract

Capture the flag (CTF) challenges are broadly used for engaging trainees in the technical aspects of cybersecurity, maintaining hands-on lab exercises, and integrating gamification elements. However, deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources from educators. In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to use fewer system resources. A proof-of-concept implementation demonstrates the feasibility of deploying CTF challenges that allow the trainees to engage not only in offensive security but also in defensive tasks that have to be conducted during cybersecurity incidents. When using PocketCTF, educators can deploy hands-on labs while spending less time on the deployment and without necessarily having the advanced technical background to deploy complex labs and scenarios.

Highlights

  • A proof-of-concept implementation demonstrates the feasibility of deploying capture the flag (CTF) challenges that allow the trainees to engage in offensive security and in defensive tasks that have to be conducted during cybersecurity incidents

  • This paper presented PocketCTF, a flexible and portable platform for cybersecurity educators to create and manage virtual labs, both for offensive and defensive security training

  • PocketCTF is focused on portability and easy deployment and introduces a way to include all of the important software packages for hands-on labs inside a single virtual machine, while vulnerable services are deployed as Docker containers along with the victim and attack hosts

Summary

Introduction

Capture the flag (CTF) challenges and virtual labs for organizing hands-on cybersecurity exercises have recently become very popular worldwide [1,2]. Publishes training labs in the form of virtual images to support hands-on training sessions along with instructive materials [6]. Another important approach is Cyberdefenders [17], an online platform that hosts CTF challenges that mostly focus on defensive tasks and blue teaming. Based on the above observations, this paper presents PocketCTF, a flexible, easy-to-deploy and portable platform for cybersecurity educators to create and manage virtual labs for training in both offensive and defensive security. We present the software architecture of PocketCTF and elaborate on its main components and its advantageous features. Based on this architecture, a proof-of-concept implementation was deployed in order to run a CTF scenario that relates to blue teams and defensive tactics.

Related Work
Virtualization and Containerization Technologies
Overview
Performance Evaluation of Virtualization and Containerization Technologies
PocketCTF: A Portable Capture the Flag
Software Architecture
Implementation of a Proof-of-Concept Scenario
Discussion
Limitations
Conclusions and Future Work