>cyber security club in uni is doing a CTF >they want me to make reverse engineering challenges since they know I'm good at it
>know they're all beginners so I make some simple ones and teach them all about commands like strings and how to use r2 and get free legal copies of IDA Pro
>make some simple ones, they could literally run strings or open them in notepad and ctrl+f "FLAG" on all of them to get the answer
>puts("what's the password!") >fgets(...) >if(strcmp(input, "FLAG:blahblah123!"))
>puts("enter a license key!") >if( InputNumber % 39 == 0)
>puts("I'm thinking of a number!") >if( InputNumber == current Hour)
>ctf day comes, they're all doing their challenges >basic python and business tech trivia and kali and sql injection and file system permission stuff >get to mines >wtf user this is too hard! >but read the directions you can just open it in notepad or run strings on it too >25 minutes go by and only 2/35 people solve the first one >organizers: user are you trying to show off how smart you are or something? Why didn't you just make something easy? >sorry about that you guys, you don't have to anons reverse engineering challenges it and it wont count against you well put the flag answers up on the board
Later >we don't want you writing reverse engineer challenges anymore user they're too hard
What the fuck guys Is cyber security really just fucking business tech at this point? Was I really too hard on them?
>Is cyber security really just fucking business tech at this point? Was I really too hard on them? yes also >uni there's your problem. try teaching a trade school instead or tutoring.
ok so I see your upset, and I can see several points where this went wrong, if you're interested I have some notes for you:
First of all, it's not really your fault, but it's not their fault either. The real issue is in how you probably don't have any experience as a consultant.
I do suggest you reach out to them and apologize, and try to delineate exactly what went wrong.
things that went wrong: >1) you assumed you assumed you know what the organizers wanted, when you actually didn't >2) you think you did a good job you might have, but the problem is, is that you produced something that the client said he wanted, but didn't actually need. >3) you're inexperienced at making games now there's no shame in this, it's just lack of experience. >4) you didn't test properly I think this is self-explanatory. you could have done it like a UI focus test.
strategies that can help you in the future: 0) learn some humility 1) learn requirements engineering 2) understand that technical skill is only half the battle 3) try to fix the relationship problem between you and the customer (organizers) for extra people skills
wish you all the best OP.
Anthony Martinez
Would you mind posting the problems with the instructions? I'd like to try them on my own before I do a CTF. I'm a sophomore currently and wanna know where I fall. It doesn't seem like those are that hard considering what I've heard ctf's are like at my school
Colton Lee
is this a copy-paste
Grayson Ortiz
there's a lot of identifiable information there and the problem too is that about 5 people in the club also regularly browse Jow Forums so they'll probably know exactly who I am if i come across this thread.
CTFs/Hackathons are games. You were asked to design a game. you sucked at it because you don't know how to make a good game.
Christian Russell
this is text-book quality bait
Landon Torres
how could he have possibly made it more simpler
Asher Gomez
What the fuck? This is shit I could do in my sophomore year of high school in PicoCTF.
Parker Hernandez
If they weren't paying, it wasn't "consulting" and they weren't his "clients". No right to be upset with OP after he invested his time and effort into the event and provided them with shit to do even if at the end they decided for the score not to count. If they give him a hard time over the wrong assumption that the participants weren't freshman out of high school and assume he was trying to show off then they're likely retarded women who are insecure about one of their peers actually knowing shit instead of going through life having everything done for them by white knights. Heck, he showed the damn kids they don't know shit. He probably provided more value to the participants than the easy self congratulatory Python challenges. Who cares what some of the retards organizing the event think? Again, they weren't his "clients", and providing the participants with an unwarranted boost in their self esteem wasn't necessarily the goal.
Noah Gray
>regularly browse Jow Forums so they'll probably know exactly who I am if i come across this thread.
i think one of them is in the thread now lol
Nathaniel Allen
games aren't about being simple.
hey, it's free advice. if you're always right and you always know what's best for other people, I guess that's your prerogative.
some people are interested in working on themselves, some aren't.
Luis Foster
Understandable, thanks for the link
Brody Hernandez
>if you're always right and you always know what's best for other people oh, the irony
Charles Phillips
Post the challenge
Angel Brooks
...
Brody Hall
You've already posted more than enough information for anyone in your cyber security club to identify you. Everyone else doesn't give a shit. Assuming there isn't any identifiable information about the university/club in the challenge, you're not going to blow your cover any further if you post it.