Cyber security club in uni is doing a CTF

>cyber security club in uni is doing a CTF
>they want me to make reverse engineering challenges since they know I'm good at it

>know they're all beginners so I make some simple ones and teach them all about commands like strings and how to use r2 and get free legal copies of IDA Pro

>make some simple ones, they could literally run strings or open them in notepad and ctrl+f "FLAG" on all of them to get the answer

>puts("what's the password!")
>fgets(...)
>if(strcmp(input, "FLAG:blahblah123!"))

>puts("enter a license key!")
>if( InputNumber % 39 == 0)

>puts("I'm thinking of a number!")
>if( InputNumber == current Hour)

>ctf day comes, they're all doing their challenges
>basic python and business tech trivia and kali and sql injection and file system permission stuff
>get to mines
>wtf user this is too hard!
>but read the directions you can just open it in notepad or run strings on it too
>25 minutes go by and only 2/35 people solve the first one
>organizers: user are you trying to show off how smart you are or something? Why didn't you just make something easy?
>sorry about that you guys, you don't have to anons reverse engineering challenges it and it wont count against you well put the flag answers up on the board

Later
>we don't want you writing reverse engineer challenges anymore user they're too hard

What the fuck guys
Is cyber security really just fucking business tech at this point? Was I really too hard on them?

Attached: IMG_20190225_210808.jpg (1280x720, 95K)

Other urls found in this thread:

0x00sec.org
0x00sec.org/c/reverse-engineering
twitter.com/SFWRedditGifs

>Is cyber security really just fucking business tech at this point? Was I really too hard on them?
yes
also
>uni
there's your problem. try teaching a trade school instead or tutoring.

>if(strcmp(input, "FLAG:blahblah123!") ==0)
Sorry I'm phone posting

ok so I see your upset, and I can see several points where this went wrong, if you're interested I have some notes for you:

First of all, it's not really your fault, but it's not their fault either. The real issue is in how you probably don't have any experience as a consultant.

I do suggest you reach out to them and apologize, and try to delineate exactly what went wrong.

things that went wrong:
>1) you assumed
you assumed you know what the organizers wanted, when you actually didn't
>2) you think you did a good job
you might have, but the problem is, is that you produced something that the client said he wanted, but didn't actually need.
>3) you're inexperienced at making games
now there's no shame in this, it's just lack of experience.
>4) you didn't test properly
I think this is self-explanatory. you could have done it like a UI focus test.

strategies that can help you in the future:
0) learn some humility
1) learn requirements engineering
2) understand that technical skill is only half the battle
3) try to fix the relationship problem between you and the customer (organizers) for extra people skills

wish you all the best OP.

Would you mind posting the problems with the instructions? I'd like to try them on my own before I do a CTF. I'm a sophomore currently and wanna know where I fall.
It doesn't seem like those are that hard considering what I've heard ctf's are like at my school

is this a copy-paste

there's a lot of identifiable information there and the problem too is that about 5 people in the club also regularly browse Jow Forums so they'll probably know exactly who I am if i come across this thread.

But I'll still help you out though.
Check out this site. I personally do write-ups and make challenges here as well.
0x00sec.org
0x00sec.org/c/reverse-engineering

) you're inexperienced at making games
what

>you're inexperienced at making games
>what

CTFs/Hackathons are games. You were asked to design a game. you sucked at it because you don't know how to make a good game.

this is text-book quality bait

how could he have possibly made it more simpler

What the fuck? This is shit I could do in my sophomore year of high school in PicoCTF.

If they weren't paying, it wasn't "consulting" and they weren't his "clients".
No right to be upset with OP after he invested his time and effort into the event and provided them with shit to do even if at the end they decided for the score not to count.
If they give him a hard time over the wrong assumption that the participants weren't freshman out of high school and assume he was trying to show off then they're likely retarded women who are insecure about one of their peers actually knowing shit instead of going through life having everything done for them by white knights.
Heck, he showed the damn kids they don't know shit. He probably provided more value to the participants than the easy self congratulatory Python challenges.
Who cares what some of the retards organizing the event think? Again, they weren't his "clients", and providing the participants with an unwarranted boost in their self esteem wasn't necessarily the goal.

>regularly browse Jow Forums so they'll probably know exactly who I am if i come across this thread.

i think one of them is in the thread now lol

games aren't about being simple.

hey, it's free advice. if you're always right and you always know what's best for other people, I guess that's your prerogative.

some people are interested in working on themselves, some aren't.

Understandable, thanks for the link

>if you're always right and you always know what's best for other people
oh, the irony

Post the challenge

...

You've already posted more than enough information for anyone in your cyber security club to identify you. Everyone else doesn't give a shit. Assuming there isn't any identifiable information about the university/club in the challenge, you're not going to blow your cover any further if you post it.

they sound retarded.

They are