In a formal sense, MetaCTF is a platform that helps students learn about cybersecurity through a variety of perspectives. Only a few schools offer resources for acquiring this knowledge, and MetaCTF provides a safe environment for students to break into systems without fearing any consequences. This stimulates a creative and innovative “hacker” mindset, which encourages individuals to learn themselves how things work instead of blindly relying on pre-made tools that do not work in all cases. Through our events, participants from different schools and organizations exchange and share ideas and build personal networks of like-minded individuals. Many students do not register because they are afraid that they do not have enough knowledge. The purpose of the event is to teach participants some basic skills while they work in teams and interact with professionals, so it is fine if they have very little experience.
We came up with the idea of hosting a cyber Capture the Flag contest in 9th grade as a way to learn more about cybersecurity ourselves while encouraging our fellow peers to experiment with it as well. Although this was not a part of any school project or for a grade, we wanted to spark students’ interest through hands on challenges. After developing a competition website and writing a set of problems, we hosted the contest 3 years ago for the first time. Since then, we did a lot of outreach work and more development on both the problems and the platform, which allowed us to host it two more times at our school. In addition, we organized the competition at a professional security conference in DC (Shmoocon Epilogue 2016), held a virtual contest at Longwood University, and wrote the material for a week-long cybersecurity course for the MathScience Innovation Center. In addition, we helped to write the problems for a CTF competition at RVASec 2016 conference. Over the years, we were able to get a variety of sponsors who provided the participants with prizes. All of the planning, logistical work, and communication for the competition was done only by the two of us in our free time before Emil Baggs (10th) and Christopher Hallock-Solomon (9th) joined us a few months ago to help run this year’s competition.
This year on February 18th, over 90 middle and high school students from around the county attended the competition. In addition, several local companies sponsored the event including GE Ghost Red, Assura Consulting, Vizdos Enterprises, The MathScience Innovation Center, and Mindsensors.com, donating over $1500 worth of prizes and other items. During the contest, the participants, working in teams, had to solve as many problems as they could within the time limit. There were problems of all levels of difficulty, and they included a variety of categories including web exploitation, cryptography, reconnaissance, programming, and reverse engineering. The problems helped to teach the students not only the security and computer science concepts but also team collaboration and problem solving skills.
We also invited several industry security professionals from companies including GE and IBM to attend the event, present, and network with the students. This was a valuable opportunity for students to begin establishing relationships that may lead, for example, to a job opportunity in the future. One of the speakers, Anthe Koelpin, was from GE, and he gave an interesting demo and tutorial on cyber forensics (for example, hiding and finding hidden information in files). The other speaker, Rob “Mubix” Fuller, currently works at IBM on their X-Force Red Team. He shared a few of his penetration testing stories including how he had to physically infiltrate a nuclear power plant facility once without being arrested (legally of course!). Their perspectives helped to show students some of the exciting opportunities in the field of security and reinforce many of the concepts and skills they were learning through the competition.
Overall, although the event takes us several months to plan and carry out each year (including logistics, communication, and problem creation), we thoroughly enjoy not only learning about security ourselves, but helping to teach others about this field as well. In the future, we plan to continue our initiative by working to expand our competition to more students around the state or possibly turn it into a national contest.
To learn more about MetaCTF, please visit metactf.com.
Submitted by: E.Baggs, R.Bohuk, C.Hallock-Solomon, J.Smith
TIPC Category: Communication & Collaboration, Creativity and Innovation, Critical Thinking and Problem Solving, Research & Information Fluency
Web URL: https://metactf.com/