awesome-ctf-challenge-design

List of intentional gameplay features which may be used as weird machines, and exploit-based machines which can be triggered by ordinary player input.

Examines computer architecture, computability theory, and the history of computers from the perspective of one instruction set computing.

Languages, platforms, and systems that break from the norms of computing

Meredith L. Patterson's talk at 28c3. Draws a direct connection between ubiquitous insecurity and computer science concepts of Turing completeness and theory of languages

A TLDR about the concept of Weird Machines.

Sergey Bratus' keynote at the TROOPERS 2010 conference. You can

A set of CTF exercises and a physical activity based on an urban race, both of which are tied into a fictional story that students act out.

Conversartion session between STÖK and Adam Langley

A card game which all employees of a company can play to understand threats and document security requirements.

A training game designed by the CIA to teach employees about various collection capabilities.

A paper presenting the design of a novel kind of live security competition centered on the concept of Cyber Situational Awareness.

All the game components necessary to run an Attack-Defense CTF that OOO used from 2018-2021

A methodology for designing "Serious Escape Games" for learning.

Thijs Bosschert's talk at SHA2017 on how to create the best experience for the players, pitfalls and how to design puzzles and puzzle flows.

A TED talk by Alex Rosenthal about constructing puzzles and the MIT Mystery Hunt.

This framework is a step towards designing learning technologies that can recognize and evoke curiosity during learning in social contexts.

A paper that identifies fine-grained social scaffolding of curiosity in child-child interaction, and proposes how they can be used to elicit and maintain curiosity in technology-enhanced learning environments.

A paper that presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities.

This paper presents a design model of curiosity that articulates the relationship between uncertainty and curiosity and defines the role of failure and question-asking within that relationship.

Making CTFs cheap and reusable by extending a bug injection system to add exploitable vulnerabilities, enabling rapid generation of new CTF challenges.

Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt

A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events

A catalog of bad practices that are exceptionally risky, especially in organizations supporting critical infrastructure or NCFs

IETF RFCs have a status called "Best Current Practice". This page lets you filter them using that status.

Design guidelines for CTF authors and organizers

Some important maxims to live out when making a CTF.

Blog post from Julia Evans.