awesome-ctf-challenge-design

🕶 Design fun and insightful CTF challenges
https://github.com/kareniel/awesome-ctf-challenge-design

Last synced: 2 days ago
JSON representation

General
- What makes a programming exercise good? - Blog post from Julia Evans.
- CTF Design Guidelines - Design guidelines for CTF authors and organizers
- The Many Maxims of Maximally Effective CTFs - Some important maxims to live out when making a CTF.
Approaches & Specific Designs
- A Serious Game for Eliciting Social Engineering Security Requirements - A card game which all employees of a company can play to understand threats and document security requirements.
- Collection Deck - A training game designed by the CIA to teach employees about various collection capabilities.
- Teaching Network Security Through Live Exercises - This paper describes a series of live exercises that have been used in a graduate-level Computer Science course on network security.
- OOO DEF CON CTF finals infrastructure code - All the game components necessary to run an Attack-Defense CTF that OOO used from 2018-2021
- Hit ’em Where it Hurts - A paper presenting the design of a novel kind of live security competition centered on the concept of Cyber Situational Awareness.
- A “Divergent”-themed CTF and Urban Race for Introducing Security and Cryptography - A set of CTF exercises and a physical activity based on an urban race, both of which are tied into a fictional story that students act out.
- ARE CTF CREATORS EVIL?! - A Conversation around realworld CTF's with Adam Langley - Conversartion session between STÖK and Adam Langley
Engineering
- AutoCTF - Creating Diverse Pwnables via Automated Bug Injection - Making CTFs cheap and reusable by extending a bug injection system to add exploitable vulnerabilities, enabling rapid generation of new CTF challenges.
- Security Scenario Generator (SecGen) - A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events
- Hackerbot - Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt
Game/Puzzle Design
- The Secrets of Puzzle Design - How Game Designers Explore Ideas and Themes with Puzzles and Problems.
- The Puzzle Instinct
- Designing the Puzzle - Bob Bates's short paper on puzzle taxonomy and how to distinguish a good from a bad puzzle.
- Empuzzlement - Puzzle game designers talking about puzzles. Featuring: Jonathan Blow, Marc ten Bosch, and Droqen.
- Design to Reveal the Nature of the Universe - A talk from Jonathan Blow & Marc Ten Boch at IndieCade 2011.
- Open-Ended Puzzle Design at Zachtronics - Interview with Zach Barth on his studio's puzzle design process, from the initial foundation to the basic mechanics, to the way story is integrated. See also [Zach-like](https://zachtronics.itch.io/zach-like) (PDF) which is a book of behind-the-scenes design documents from Zachtronics.
- Practical Creativity - Raph Koster explains what science tells us about creativity, and offers practical straightforward steps that any game designer or developer can make use of in order to get more creative.
Learning, Curiosity & Gamification
- Modeling and Designing for Key Elements of Curiosity: Risking Failure, Valuing Questions - This paper presents a design model of curiosity that articulates the relationship between uncertainty and curiosity and defines the role of failure and question-asking within that relationship.
- A New Theoretical Framework for Curiosity for Learning in Social Contexts - This framework is a step towards designing learning technologies that can recognize and
- Curious Minds Wonder Alike - A paper that identifies fine-grained social scaffolding of curiosity in child-child interaction, and proposes how they can be used to elicit and maintain curiosity in technology-enhanced learning environments.
- Gamification for teaching and learning computer security in higher education - A paper that presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities.
Running Events
- Learning Obstacles in the Capture The Flag Model - Insights and lessons learned from organizing CSAW CTF
- Organizing Large Scale Hacking Competitions - Two new competition designs, the challenges overcome, and the lessons learned, with the goal of providing useful guidelines to other educators who want to pursue the organization of similar events
- Ten Years of iCTF - The Good, The Bad, and The Ugly - There is also [a paper about this](https://www.researchgate.net/publication/278724640_Ten_Years_of_iCTF_The_Good_The_Bad_and_The_Ugly).
- Suggestions for running a CTF - Describes some of the design decisions and technical details involved in running a CTF competition.
Weird Machines & Esolangs
- What are Weird Machines? - A TLDR about the concept of Weird Machines.
- Abadidea's Index of Weird Machines in Video Games - List of intentional gameplay features which may be used as weird machines, and exploit-based machines which can be triggered by ordinary player input.
- What Hacker Research Taught Me - Sergey Bratus' keynote at the TROOPERS 2010 conference. You can [find the slides here](https://www.cs.dartmouth.edu/~sergey/hc/rss-hacker-research.pdf).
- The Science of Insecurity - Meredith L. Patterson's talk at 28c3. Draws a direct connection between ubiquitous insecurity and computer science concepts of Turing completeness and theory of languages
- Computer Architecture: A Minimalist Perspective - Examines computer architecture, computability theory, and the history of computers from the perspective of one instruction set computing.
Escape Rooms & Puzzle Hunts
- A Model to Design Learning Escape Games: SEGAM - A methodology for designing "Serious Escape Games" for learning.
- The joyful, perplexing world of puzzle hunts - A TED talk by Alex Rosenthal about constructing puzzles and the MIT Mystery Hunt.
- The art of creating an escape room - Thijs Bosschert's talk at SHA2017 on how to create the best experience for the players, pitfalls and how to design puzzles and puzzle flows.
Mario Maker Troll Levels
- Trolling for Dummies - A perpetual work in progress and that will continue to be updated as the community learns more about making good troll levels, and as new techniques are discovered.
- Mario Maker 2 Multiplayer Troll Design - How to design a multiplayer troll that works and thrills the players and audiences.
- Multiplayer Contraptions in Super Mario Maker 2 - This guide is about various contraptions related to the multiplayer modes. Some of them are to separate the mode. And others to determine the amount of players.
- MulTROLLplayer Research Hub Tech Sheet - A compilation of multiplayer tech, from totally obvious to glitchy jank.
Finding Challenge Ideas
- Search RFCs by "best current practice" - IETF RFCs have a status called "Best Current Practice". This page lets you filter them using that status.
- CISA's catalog of "bad practice" - A catalog of bad practices that are exceptionally risky, especially in organizations supporting critical infrastructure or NCFs
Footnotes
- See Also
  - CTFs
  - Security
  - AppSec
  - Hacking
  - Web Security

Programming Languages

Shell 1 Python 1 PHP 1 JavaScript 1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

awesome-ctf-challenge-design

General

Approaches & Specific Designs

Engineering

Game/Puzzle Design

Learning, Curiosity & Gamification

Running Events

Weird Machines & Esolangs

Escape Rooms & Puzzle Hunts

Mario Maker Troll Levels

Finding Challenge Ideas

Footnotes

See Also