Automatic Challenge Generation for Hands-on Cybersecurity Training

Abstract

Just reading the news is enough to understand how critical cybersecurity and cybersecurity-education have become. Many job positions remain unfilled due to a shortage of a skilled workforce, and universities have opened courses on cybersecurity-related topics to keep up with market demands. In turn, educators are reshaping their educational material and activities to cover both the standard theory of the field and the practice. However, organizing hands-on cybersecurity training is laborious and time consuming. We present Chad, a tool we developed to support instructors in the development and deployment of practical cybersecurity exercises. Chad, an open-source project written in Python, allows teachers to generate multiple different instances of an exercise, guaranteeing that they all share the same difficulty and require the same knowledge to be solved. Our tool also supports the testing of generated exercises, and their deployment, by leveraging technologies like Docker, Wireguard and iptables. Chad has been integrated with Github classroom and field-tested, during a.y. 2021/2022, in the context of a university course on binary analysis. However, its adoption is not limited to such topics or formal education. Indeed, the Github repository contains examples of reversing-engineering challenges for Linux and Windows, and a simple web challenge.