Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-ctf-challenge-design

🕶 Design fun and insightful CTF challenges
https://github.com/kareniel/awesome-ctf-challenge-design

Last synced: 3 days ago
JSON representation

Weird Machines & Esolangs
- Esoteric.Codes - Languages, platforms, and systems that break from the norms of computing
- What are Weird Machines? - A TLDR about the concept of Weird Machines.
- Abadidea's Index of Weird Machines in Video Games - List of intentional gameplay features which may be used as weird machines, and exploit-based machines which can be triggered by ordinary player input.
- What Hacker Research Taught Me - Sergey Bratus' keynote at the TROOPERS 2010 conference. You can [find the slides here](https://www.cs.dartmouth.edu/~sergey/hc/rss-hacker-research.pdf).
- The Science of Insecurity - Meredith L. Patterson's talk at 28c3. Draws a direct connection between ubiquitous insecurity and computer science concepts of Turing completeness and theory of languages
- Computer Architecture: A Minimalist Perspective - Examines computer architecture, computability theory, and the history of computers from the perspective of one instruction set computing.
General
- What makes a programming exercise good? - Blog post from Julia Evans.
- CTF Design Guidelines - Design guidelines for CTF authors and organizers
- The Many Maxims of Maximally Effective CTFs - Some important maxims to live out when making a CTF.
Approaches & Specific Designs
- Hit ’em Where it Hurts - A paper presenting the design of a novel kind of live security competition centered on the concept of Cyber Situational Awareness.
- A Serious Game for Eliciting Social Engineering Security Requirements - A card game which all employees of a company can play to understand threats and document security requirements.
- Collection Deck - A training game designed by the CIA to teach employees about various collection capabilities.
- Teaching Network Security Through Live Exercises - This paper describes a series of live exercises that have been used in a graduate-level Computer Science course on network security.
- OOO DEF CON CTF finals infrastructure code - All the game components necessary to run an Attack-Defense CTF that OOO used from 2018-2021
- A “Divergent”-themed CTF and Urban Race for Introducing Security and Cryptography - A set of CTF exercises and a physical activity based on an urban race, both of which are tied into a fictional story that students act out.
- ARE CTF CREATORS EVIL?! - A Conversation around realworld CTF's with Adam Langley - Conversartion session between STÖK and Adam Langley
Engineering
- AutoCTF - Creating Diverse Pwnables via Automated Bug Injection - Making CTFs cheap and reusable by extending a bug injection system to add exploitable vulnerabilities, enabling rapid generation of new CTF challenges.
- Security Scenario Generator (SecGen) - A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events
- Hackerbot - Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt
Game/Puzzle Design
- The Secrets of Puzzle Design - How Game Designers Explore Ideas and Themes with Puzzles and Problems.
- The Puzzle Instinct
- Designing the Puzzle - Bob Bates's short paper on puzzle taxonomy and how to distinguish a good from a bad puzzle.
- Empuzzlement - Puzzle game designers talking about puzzles. Featuring: Jonathan Blow, Marc ten Bosch, and Droqen.
- Design to Reveal the Nature of the Universe - A talk from Jonathan Blow & Marc Ten Boch at IndieCade 2011.
- Open-Ended Puzzle Design at Zachtronics - Interview with Zach Barth on his studio's puzzle design process, from the initial foundation to the basic mechanics, to the way story is integrated. See also [Zach-like](https://zachtronics.itch.io/zach-like) (PDF) which is a book of behind-the-scenes design documents from Zachtronics.
- Practical Creativity - Raph Koster explains what science tells us about creativity, and offers practical straightforward steps that any game designer or developer can make use of in order to get more creative.
- How to make a good puzzle - An explorable explanation on how to make a puzzle that's fun, and satisfying to solve.
Learning, Curiosity & Gamification
- Modeling and Designing for Key Elements of Curiosity: Risking Failure, Valuing Questions - This paper presents a design model of curiosity that articulates the relationship between uncertainty and curiosity and defines the role of failure and question-asking within that relationship.
- A New Theoretical Framework for Curiosity for Learning in Social Contexts - This framework is a step towards designing learning technologies that can recognize and
- Curious Minds Wonder Alike - A paper that identifies fine-grained social scaffolding of curiosity in child-child interaction, and proposes how they can be used to elicit and maintain curiosity in technology-enhanced learning environments.
- Gamification for teaching and learning computer security in higher education - A paper that presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities.
Running Events
- Learning Obstacles in the Capture The Flag Model - Insights and lessons learned from organizing CSAW CTF
- Organizing Large Scale Hacking Competitions - Two new competition designs, the challenges overcome, and the lessons learned, with the goal of providing useful guidelines to other educators who want to pursue the organization of similar events
- Ten Years of iCTF - The Good, The Bad, and The Ugly - There is also [a paper about this](https://www.researchgate.net/publication/278724640_Ten_Years_of_iCTF_The_Good_The_Bad_and_The_Ugly).
- Suggestions for running a CTF - Describes some of the design decisions and technical details involved in running a CTF competition.
Escape Rooms & Puzzle Hunts
- A Model to Design Learning Escape Games: SEGAM - A methodology for designing "Serious Escape Games" for learning.
- The joyful, perplexing world of puzzle hunts - A TED talk by Alex Rosenthal about constructing puzzles and the MIT Mystery Hunt.
- The art of creating an escape room - Thijs Bosschert's talk at SHA2017 on how to create the best experience for the players, pitfalls and how to design puzzles and puzzle flows.
Mario Maker Troll Levels
- Trolling for Dummies - A perpetual work in progress and that will continue to be updated as the community learns more about making good troll levels, and as new techniques are discovered.
- Mario Maker 2 Multiplayer Troll Design - How to design a multiplayer troll that works and thrills the players and audiences.
- Multiplayer Contraptions in Super Mario Maker 2 - This guide is about various contraptions related to the multiplayer modes. Some of them are to separate the mode. And others to determine the amount of players.
- MulTROLLplayer Research Hub Tech Sheet - A compilation of multiplayer tech, from totally obvious to glitchy jank.
Finding Challenge Ideas
- Search RFCs by "best current practice" - IETF RFCs have a status called "Best Current Practice". This page lets you filter them using that status.
- CISA's catalog of "bad practice" - A catalog of bad practices that are exceptionally risky, especially in organizations supporting critical infrastructure or NCFs
Footnotes
- See Also
  - CTFs
  - Security
  - AppSec
  - Hacking
  - Web Security

Programming Languages

Shell 1 Python 1 PHP 1 JavaScript 1

Ecosyste.ms: Awesome

awesome-ctf-challenge-design

Weird Machines & Esolangs

General

Approaches & Specific Designs

Engineering

Game/Puzzle Design

Learning, Curiosity & Gamification

Running Events

Escape Rooms & Puzzle Hunts

Mario Maker Troll Levels

Finding Challenge Ideas

Footnotes

See Also