Designing a solution for automating the management of a capture the flag network

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Abstract: Every day one hears about another cyber attack against a company or state. In 2023 the cost of cyber crime reached 8 trillion USD and is expected to reach 10 trillion in 2025 [1]. It is becoming increasingly clear that cyber security is important in modern society and especially in the IT industry. Practical cyber security courses, like ethical hacking, are important to teach students about how attacks are performed and how to identify vulnerabilities. One such course is ethical hacking (EN2720) at the KTH Royal Institute of Technology. This practical course allows students to practice hacking techniques on a simulated corporate network, much like in a capture-the-flag type event. However, as these networks are being used in unintended ways, as is the nature of the course, it is common for hosts in the network to break. When this happens, students email teaching assistants (TAs) to restart the instance. This wastes students' time, as they must wait for TAs to read their email, and it wastes TAs' time, as most of the issues they deal with are these requests for restarts. This thesis aims to research, design and implement a solution to this problem. In the research phase it is decided that the best solution would be a web application where students can authenticate themselves using existing credentials and request a restart of an instance. The design phase outlines the steps of exactly how this web app will work. The web app is implemented in Python as a proof of concept, and tests are written to ensure it operates as intended. It is found that the web app successfully solves the outlined problem, but there could be some improvements made. Students use provided public key certificates to authenticate themselves; although this is appropriate in practice, in theory public keys are not secure and can be held by anyone.
