A Beginner’s Guide to CTFs : learning Cybersecurity Through Capture The Flag Challenges
Tsepelis, Vasileios (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025100725708
https://urn.fi/URN:NBN:fi:amk-2025100725708
Tiivistelmä
This thesis was commissioned by Laurea University of Applied Sciences with the aim of exploring how Capture The Flag (CTF) platforms—specifically Hack The Box (HTB)—can enhance cybersecurity education. The objective was to examine whether integrating HTB-based challenges into academic curricula can bridge the gap between theoretical instruction and real-world skill development. The primary beneficiaries are educational institutions, instructors, and students seeking more practical, hands-on learning models.
The development task involved analyzing selected HTB retired machines to identify challenge themes, problem-solving approaches, and technical skills gained. The theoretical framework was based on recognized cybersecurity and education standards, including the NICE Cybersecurity Workforce Framework, the ENISA Cybersecurity Skills Framework (ECSF), and the OWASP Top 10.
Methods included the analysis of machine features, comparison with traditional lab-based methods, and the presentation of integration guidelines for educators. The key findings demonstrate that HTB promotes learning, critical thinking, and deeper engagement with real-world vulnerabilities.
The thesis concludes that CTF challenges can be an effective complement to classroom-based learning. Recommendations include gradually integrating CTFs into courses, aligning them with learning outcomes, and ensuring institutional support and guidance for students.
The development task involved analyzing selected HTB retired machines to identify challenge themes, problem-solving approaches, and technical skills gained. The theoretical framework was based on recognized cybersecurity and education standards, including the NICE Cybersecurity Workforce Framework, the ENISA Cybersecurity Skills Framework (ECSF), and the OWASP Top 10.
Methods included the analysis of machine features, comparison with traditional lab-based methods, and the presentation of integration guidelines for educators. The key findings demonstrate that HTB promotes learning, critical thinking, and deeper engagement with real-world vulnerabilities.
The thesis concludes that CTF challenges can be an effective complement to classroom-based learning. Recommendations include gradually integrating CTFs into courses, aligning them with learning outcomes, and ensuring institutional support and guidance for students.