Trail of Bits Releases Capture the Flag Field Guide

Dan Guido
capture-the-flag, darpa, education, guides, press-release

Free Online Coursework Allows Students, Professionals to Build Essential Offensive Security Skills

New York, NY (May 20, 2014)–Security researchers at Trail of Bits today introduced the CTF Field Guide (Capture the Flag), a freely available, self-guided online course designed to help university and high school students hone the skills needed to succeed in the fast-paced, offensive competitions known as Capture the Flag.

Capture the Flag events consist of many small challenges that require participants to exercise skills across the spectrum of computer security, from exploit creation and vulnerability discovery to forensics. Participation in such games is widely viewed as a critical step in building computer security expertise, especially for high school and college students considering a career in the field.

Despite the value of CTF events, few high schools and colleges have the resources to mentor students interested in computer security, and often the expertise needed to create and train CTF teams is lacking. The CTF Field Guide will help students build the skills to compete and succeed in these competitions, supplementing their existing coursework in computer security and providing motivated students with the structure and guidance to form their own CTF teams.

The CTF Field Guide is based on course content created by Dan Guido, co-founder and CEO of Trail of Bits and Hacker in Residence at NYU Polytechnic School of Engineering, one of the first universities to offer a cybersecurity program.

Guido is among the few instructors in the country to teach offensive security tactics, and his Penetration Testing and Vulnerability Analysis course is a mainstay of the cybersecurity programs at NYU Engineering. The CTF Field Guide combines elements of Guido’s classes, along with material Trail of Bits developed in collaboration with the Defense Advanced Research Projects Agency (DARPA) to train military academy students and reference material from leading security researchers around the world.

“Capture the Flag events can test and improve almost every skill that computer security professionals rely on, but one of the most valuable is mastering offensive maneuvers—-learning to think like attackers,” said Guido. “We created the CTF Field Guide to allow anyone interested in boosting their skills, from high school students to working professionals, to benefit from some of the best teaching in the world, free of charge and at their own pace.”

The CTF Field Guide is housed on GitHub, which allows users to contribute to and improve the course material over time. It is also available as a downloadable GitBook that can be viewed as a pdf or ebook. While courses on similar topics have been previously offered online, the CTF Field Guide is the first to be freely available and to allow ongoing collaboration and updates based on real-world attack trends.

Participation in CTF competitions has skyrocketed in recent years. Some of the largest events—DEF CON’s CTF and the NYU Engineering CSAW CTF among them—attract tens of thousands of entrants, and many events now include challenges specifically tailored for young student teams.

Trail of Bits is a sponsor of the High School CTF (HSCTF), the first CTF event designed for high school students by their peers which included more than 1000 competitors. Guido believes there’s no better time to launch the CTF Field Guide. “Students who competed in these recent games—or who plan to do so in the future—can start the course right now and there’s no question they’ll be better prepared to succeed next year.”

About Trail of Bits

Founded in 2012, Trail of Bits enables enterprises to make better strategic security decisions with its world-class experience in security research, red teaming and incident response. The Trail of Bits management team is comprised of some of the most recognized researchers in the security industry, renowned for their expertise in reverse engineering, novel exploit techniques and mobile security. Trail of Bits has collaborated extensively with DARPA on the agency’s acclaimed Cyber Fast Track, Cyber Grand Challenge and Cyber Stakes programs. In 2014, the company launched its first enterprise product, Javelin, which simulates attacks to help companies measure and refine their security posture.

Learn more at www.trailofbits.com