>cyber security club in uni is doing a CTF >they want me to make reverse engineering challenges since they know I'm good at it
>know they're all beginners so I make some simple ones and teach them all about commands like strings and how to use r2 and get free legal copies of IDA Pro
>make some simple ones, they could literally run strings or open them in notepad and ctrl+f "FLAG" on all of them to get the answer
>puts("what's the password!") >fgets(...) >if(strcmp(input, "FLAG:blahblah123!"))
>puts("enter a license key!") >if( InputNumber % 39 == 0)
>puts("I'm thinking of a number!") >if( InputNumber == current Hour)
>ctf day comes, they're all doing their challenges >basic python and business tech trivia and kali and sql injection and file system permission stuff >get to mines >wtf user this is too hard! >but read the directions you can just open it in notepad or run strings on it too >25 minutes go by and only 2/35 people solve the first one >organizers: user are you trying to show off how smart you are or something? Why didn't you just make something easy? >sorry about that you guys, you don't have to anons reverse engineering challenges it and it wont count against you well put the flag answers up on the board
Later >we don't want you writing reverse engineer challenges anymore user they're too hard
What the fuck guys Is cyber security really just fucking business tech at this point? Was I really too hard on them?
>Is cyber security really just fucking business tech at this point? Was I really too hard on them? yes also >uni there's your problem. try teaching a trade school instead or tutoring.
ok so I see your upset, and I can see several points where this went wrong, if you're interested I have some notes for you:
First of all, it's not really your fault, but it's not their fault either. The real issue is in how you probably don't have any experience as a consultant.
I do suggest you reach out to them and apologize, and try to delineate exactly what went wrong.
things that went wrong: >1) you assumed you assumed you know what the organizers wanted, when you actually didn't >2) you think you did a good job you might have, but the problem is, is that you produced something that the client said he wanted, but didn't actually need. >3) you're inexperienced at making games now there's no shame in this, it's just lack of experience. >4) you didn't test properly I think this is self-explanatory. you could have done it like a UI focus test.
strategies that can help you in the future: 0) learn some humility 1) learn requirements engineering 2) understand that technical skill is only half the battle 3) try to fix the relationship problem between you and the customer (organizers) for extra people skills
wish you all the best OP.
Anthony Martinez
Would you mind posting the problems with the instructions? I'd like to try them on my own before I do a CTF. I'm a sophomore currently and wanna know where I fall. It doesn't seem like those are that hard considering what I've heard ctf's are like at my school
Colton Lee
is this a copy-paste
Grayson Ortiz
there's a lot of identifiable information there and the problem too is that about 5 people in the club also regularly browse Jow Forums so they'll probably know exactly who I am if i come across this thread.
