Computer science students design and compete in Capture the Flag contest

The field of cybersecurity requires that innovative computer scientists are constantly thinking about vulnerabilities in computer systems, so they can be prepared to defend systems from digital attacks.

On April 9, 2022, computer science students at Ohio University designed and participated in a Capture the Flag (CTF) contest, which is a contest in which “flags” are hidden within programs or websites to be discovered by competitors.

“CTF is a competition with challenges that allow students to be introduced to cybersecurity concepts. Challenges usually pertain to computer forensics, pwn/binary exploitation, reverse engineering, web and cryptography,” said Alex Williams, fourth-year computer science student and a co-designer of the contest’s trials. 

“Capture the Flag contests involve exploiting flaws in a system to detect a secret phrase hidden on a machine or inside a file. This contest was four hours, so we had several small scenarios each with assigned point values based on difficulty of the individual challenge,” said Chad Mourning, assistant professor in the School of Electrical Engineering and Computer Science. 

Williams, Nick Maude and Hudson Stouffer collaborated to create the content for the contest. In order to prepare for the contest, the team researched previous CTF competitions, challenge categories and the latest in security vulnerabilities. Methods of digital attacks are constantly evolving, so it was important that the group directed their attention to the most recent research in cybersecurity. 

Creating the contest’s trials allowed the team to get hands on experience as they prepared for their future careers in cybersecurity. Each team member tackled a category in the contest, so they could gain experience designing both independently and collaboratively. Designing the challenges required creative problem solving to make each trial both fun and challenging. 

“The greatest challenge was being able to create challenges that were difficult but not impossible to solve. Creating a challenge is harder than solving it, so the harder a challenge is to solve, the harder it is to create it,” said Williams. 

Their efforts culminated in the CTF contest and the 20th Annual Student Expo. At the CTF contest, they hosted competing teams from Ohio University, Bowling Green State University and Ohio State University. At the Student Expo, they took first place in their category, which validated the cybersecurity concepts they used to inform the trials. 

“[The Student Expo] seemed like the first step to seeing all our work pay off, like we had made something that would have an actual impact on students,” said Williams. 

The success of the event allowed the team to prepare for the workforce through their research and design and simultaneously teach budding computer science students how to solve their own security challenges. 

“The students are very interested in [cybersecurity], and this was a great way for them to explore their interest. I’ll be teaching a cybersecurity course in the Fall, which we’ve had to increase the capacity on twice and find a bigger room,” said Mourning. 

There is a strong interest in cybersecurity among students at OHIO and the CTF competition allows students to develop their skills through experiential learning. The success of this event proved that there is a need for more hands-on opportunities in cybersecurity, so Mourning is in the process of planning another larger event for Fall 2022. 

“If every computer science graduate in the United States went into cybersecurity, they still wouldn’t fill all of the jobs,” finished Mourning.