Skip to main content

Enlivening Port Scanning Exercises with Capture the Flag and Deduction

  • 279 Accesses

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 579)

Abstract

Designing engaging exercises when students do not yet possess a lot of knowledge can be difficult. We show how we draw on students’ prior knowledge, along with basic introductory concepts, to design an elemental (but fun) port scan exercise in an introductory security testing module. While “capture the flag” is a security industry standard for exercises, it can require a lot of in-depth knowledge to properly implement and complete. Using basic computer science concepts such as ports and ASCII values, we design a simplified capture the flag exercise where students can make use of deductive reasoning to complete the game. Overall, the exercise was received favourably by the students who found it challenging but enriching.

Keywords

  • Security testing
  • Experiential learning
  • Deductive learning
  • Port scanning
  • Capture the flag

I would like to thank my Information Security in the WWW class of 2019 for braving this exercise!.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-59291-2_12
  • Chapter length: 14 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-59291-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   74.99
Price excludes VAT (USA)
Hardcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.

Notes

  1. 1.

    The nginx configurations and python scripts are available for download from: https://blauw.link/wise13.

References

  1. Senge, P.M.: The Fifth Discipline: The Art & Practice of The Learning Organization. Doubleday, New York (2006)

    Google Scholar 

  2. Kolb, D.A.: Experiential Learning: Experience as the Source of Learning and Development. Pearson Education, Upper Saddle River (2015)

    Google Scholar 

  3. Huotari, K., Hamari, J.: Defining gamification - a service marketing perspective. In: Proceeding of the 16th International Academic MindTrek Conference, pp. 17–22, October 2012. https://doi.org/10.1145/2393132.2393137

  4. Lee, N., Manners, D.: Gamification of penetration testing. Counterterrorism and Cybersecurity, pp. 343–347. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17244-6_14

    CrossRef  Google Scholar 

  5. Felder, R.M., Silverman, L.K., et al.: Learning and teaching styles in engineering education. Eng. Educ. 78(7), 674–681 (1988)

    Google Scholar 

  6. Wilhelm, T.: Professional Penetration Testing: Creating and Learning in a Hacking Lab. Syngress, Waltham (2013)

    Google Scholar 

  7. NMAP: Nmap: the Network Mapper - Free Security Scanner (2020). https://nmap.org/

  8. Rocha, J.B., Mascarenhas, S., Prada, R.: Game mechanics for cooperative games. ZON Digit. Games 2008, 72–80 (2008)

    Google Scholar 

  9. Atkin, M.S., Westbrook, D.L., Cohen, P.R.: Capture the flag: military simulation meets computer games. In: Proceedings of AAAI Spring Symposium Series on AI and Computer Games, pp. 1–5 (1999)

    Google Scholar 

  10. Bishop, M.: A design for a collaborative make-the-flag exercise. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 3–14. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99734-6_1

    CrossRef  Google Scholar 

  11. Cowan, C., Arnold, S., Beattie, S., Wright, C., Viega, J.: Defcon capture the flag: defending vulnerable code from intense attack. In: Proceedings DARPA Information Survivability Conference and Exposition, vol. 1, pp. 120–129. IEEE (2003)

    Google Scholar 

  12. Vigna, G.: Teaching network security through live exercises. In: Irvine, C., Armstrong, H. (eds.) WISE 2003. IAICT, vol. 125, pp. 3–18. Springer, New York (2003). https://doi.org/10.1007/978-0-387-35694-5_2

    CrossRef  Google Scholar 

  13. nginx: Server block examples | NGINX (2020). https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Frans F. Blauw .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Blauw, F.F. (2020). Enlivening Port Scanning Exercises with Capture the Flag and Deduction. In: Drevin, L., Von Solms, S., Theocharidou, M. (eds) Information Security Education. Information Security in Action. WISE 2020. IFIP Advances in Information and Communication Technology, vol 579. Springer, Cham. https://doi.org/10.1007/978-3-030-59291-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-59291-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59290-5

  • Online ISBN: 978-3-030-59291-2

  • eBook Packages: Computer ScienceComputer Science (R0)