Serious Discussion The platform that will KILL PicoCTF and HackTheBox - Looking for Feedback

[cyber_ent]

Dear cybersecurity enthusiasts,

I am developing a CTF platform, tailored for high school students that will include CTF's that will be similar to PicoCTF challenges, but with better explanation.

The goal is to combine the best aspects of HackTheBox and PicoCTF while making challenges more engaging and interesting.

The platform will include:

• Gamified & short Jeopardy-style CTF challenges, so users don't drown in tons of text
• Learning paths (cryptography, binary exploitation, etc.)
• Skill-based rankings (Beginner, Intermediate, Pro Hacker etc.) to show growth.
• A daily streak feature and stats for added motivation.
• Hints for challenges (just like PicoCTF).
• A short explanation of the challenge before (so you actually know what you are doing)
• A short correct procedure of the challenge after you solved or haven't solved the challenge.

Special feature of the platform:

Guided Quiz: A set of challenges designed to help beginners find the best cybersecurity field for them. With so many paths in cybersecurity, this feature will guide new users toward the area that suits them best.

Feedback questions:

1. What are your thoughts on a feature that guides beginners toward their ideal field in cybersecurity?
2. Do you think my platform's CTF format could be an improvement on PicoCTF’s approach?

Thank you for any feedback.

 

[bazang]

Feedback questions:

1. What are your thoughts on a feature that guides beginners toward their ideal field in cybersecurity?
2. Do you think my platform's CTF format could be an improvement on PicoCTF’s approach?

1. Of course some young people will find it very appealing.
2. Yes. You are focusing on much needed enhancements.

I would not make it so gamified as OSCP. That is too gamified and focuses too much on esoteric tools & utilities on Kali Linux.

A better approach is to make it more realistic along the lines of TCM Security Practical Network Penetration Tester (PNPT) or INE. I do not mean to teach pentesting as a course. I mean to make the CTF practical and realistic.

There is a great need for defensive security (Blue Team) training to understand kill chain and what should or could have been done to mitigate attacks. Post-mortem CTF analysis is ripe for opportunity. There are very few people, training organizations, or online platforms that teach both sides.

Open a Discord associated with your platform. (Don't do this unless you have people you know very well who will take on the responsibility of moderating and managing it.)

I give you a lot of kudos because what you are doing requires an enormous amount of effort. It took TCM about 10 years to get where it is at today. Long hours. Lots of times they wanted to quit, but did not.

Platforms like Hack the Box remain relevant because of ippsec.