An Offline Capture The Flag-Style Virtual Machine for Cybersecurity Education

We have developed a virtual machine (VM) framework for cybersecurity education, which we use for courses offered at the University of Birmingham. This VM includes several capture the flag (CTF) style exercises that students can complete to support their learning. On successfully completing a task students obtain a flag or token, which they can submit to a website; each student receives a different flag. The website checks that the flag is genuine and for the correct questions; it can then be used for automatic marking, or to assist the marking of written answers.

• An updated version of the VM and teaching resources are available from this page.
• The framework is described in more detail in the paper An Offline Capture The Flag-Style Virtual Machine and an Assessment of its Value for Cybersecurity Education published at the 3GSE '15 Usenix workshop.

On solving exercises each student gets a unique flag (or token), which they can submit to this website. The website records the tokens to assist with marking the exercises.

If you would like to use this VM on a course you teach please get in touch with us (T.Chothia@cs.bham.ac.uk). We will be happy to explain in more detail how it works and help adapt it to your course.