Unpublished
This wiki will not appear in search results, but can still be viewed by anyone!
About the Course
Cyberspy Academy is designed as a course just for younger students, with a wide range of activities and presentations based around some core concepts of cybersecurity, online privacy, ethical hacking, capture the flag style challenges, spy technology and some physical electronics with microcontroller programming. It is an exciting mix of different topics, so that students can try out lots of things quickly and get a taste for the different things in the area of cybersecurity, and hopefully gain some knowledge in the areas of staying safe online, digital privacy and so on.
Due to the large amount of presentations and whole group work, there are a huge amount of tutor led sections here in contrast to most tech camp courses. The entire course is also 'spy themed' across all of the activities, take home equipment and challenges, and it is important for the tutors to buy into this to make the course work and keep everyone really engaged. As such, you have quite a lot to do in preparation! You must know exactly what is in each presentation, have practised them in advance, and have a clear overview of the structure of each day to make sure things run smoothly.
We're trying to get the students to:
- Learn about some basic history of codebreaking, making and encryption
- Make their own codes using caesar ciphers - used throughout the course for competitions etc.
- Learn about how to stay safe online - good passwords, device security, digital privacy, phishing emails and scams
- Gain some knowledge of steganography, and have a go themselves
- Learn some basic drag and drop programming by using a BBC micro:bit to create a series of spy/security themed devices
- Learn a small amount of Python to create their own 'cipher program' to automatically decrypt and encrypt caesar ciphers
- Learn how to think like a hacker and the skills required for a capture the flag (CTF) competition
- Work well in teams by completing some team building exercises and then working as a team to solve puzzles
- Be able to convert between binary, decimal and hex number systems
- Gain some lock-picking skills
- Use everything they have learn to complete a fun spy-themed CTF challenge on the last day in teams
In the detailed day by day schedules below, you will see that there are a lot of different sections and activities to be completed in each session - it is imperative that you know what needs to be completed in each one and try to stick to it!
In general, not finishing everything in a session is not a huge problem so long as the campers are engaged and learning. It is better to move on to the next session's content when you are supposed to and skip out some activities than get several hours behind where you should be by the end of the day - you can always come back to things later. Equally, most sessions are fairly self contained and move onto a different topic in the next one, with the activities towards the end of the session often being more detailed/advanced.
By the same principle, it is also important not to go too fast! There is plenty of material, and there are several suggested extension activities to use as a buffer if required at the end of sessions if you have a particularly fast group. If they manage to do all of those as well (unlikely), feel free to make up extra puzzles etc. for them to complete (or find some online) so long as they are relevant to the course - don't just let them play games or watch YouTube!
Note that the programming concepts introduced in this course are deliberately kept fairly simple - the programming aspect is really just as a 'taster' and this is not a programming course. Also the students will all be 13 and under, so textual programming needs to be kept simple enough for them to not get frustrated.
Health & Safety
Although this course involves practical projects, there is a limited amount of operations involving any tools. For example, there are no soldering irons used. As such, the risks are more limited and primarily the 'General Workshops' risk assessment applies.
Please See Also:
General Workshops Risk Assessment
The Kit List
Student consumables (to take home, per student)
- Course Badge
- Laser module and battery pack
- micro:bit, battery pack and 2x AAA batteries
- 3 red and 3 black crocodile clip leads
- 2x round mirrors
- Large LDR
- 1K Resistor
- Buzzer
- 0.5m Aluminium Tape
- 1/10th pack of blutac
- Micro USB cable
- 1 Pair Headphones
- USB Stick
- UV Torch Kit and UV Pen
- 3D Printed Caesar Cipher Ring
* Ball point pen
Student non-consumables (per 8 students, not to take home)
- 2x Fake Transmitters
- 2x Lockpick Sets
- 2x Small Padlocks and lockboxes
- 1x help flag per student
- Set of locks (for lockpicking)
Other class supplies
- Presentation clicker
- Set of dry wipe pens
- 100 Sheets A4 paper
- Set of sticky notes
Printed Material
There is also a large amount of printed material for this course, including worksheets, challenge sheets and reference material - here is a reference for where everything is used:
Day 1
Session 1 (Caesar ciphers)
- Caesar Cipher – Novice (1/camper, consumed)
- Caesar Cipher – intermediate (1/camper, consumed)
- Caesar Cipher – Master (1/camper, consumed)
Session 2 (Device security and passwords)
- Securing your devices (1/camper, consumed)
- Securing Passwords (1/camper, consumed)
- Envelope Challenge, in DL Envelope, random encoding (1/camper, consumed)
Session 3, 4 (micro:bit programming)
- No printed material – all content on this site
Day 2 (Python programming)
No printed material – all content on this site
Day 3
Session 1 (Phishing)
- How to spot Phishing Emails (1/camper, consumed)
- Google-Fu Exercise – companies (1/camper, consumed)
- Google-Fu Individual Dossier (1/camper, consumed)
- Phishing Targets (1/4 campers, consumed)
Session 2 (Steganography)
- No printed material – all content on this site
Session 3, 4 (micro:bit programming)
- No printed material – all content on this site
Day 4 (CTF Skills, Lockpicking, Teamwork and Binary/Hex Activities)
- No printed material – all content on this site
Day 5 (CTF)
Session 1 (Lock box and email account access)
- Envelope #1 – Making Contact, in DL envelope (decorated) (1/4 campers, consumed)
- Possible Spies x3, in brown envelope (decorated) (1/4 campers, not consumed)
Session 2 (Wordsearch, binary decode for spy’s email account)
- Envelope #2 – Crossword, in DL envelope (decorated) (1/4 campers, consumed)
Session 3 – Footprinting Suspect and Project Plans
- Suspect Fact File (set of 3) (1/4 campers, consumed)
- Envelope #3, Traitor Plans, In A4 brown envelope (1/4 campers, not consumed)
Session 4 – Infographic then Emergency NOC list transmitter disarm
- 2x Sheets of blank A3 paper per student for infographic
- Envelope #4, Traitor’s Backup Plane (coded), DL envelope decorated (1/4 campers, consumed)
Pre-Camp Setup (By Tech Camp)
- Make Badges
- Print all material
- Envelopes stuffed and decorated as required
Preparing Yourself
Like any practical course you'll find this much easier to teach if you have run through it yourself as completely as possible first. Even if you're experienced with electronics and programming this will allow you to find out which parts of the course are tricky. Also, when we're running a course for the first few times there may be the occasional mistake or parts of instructions that are not clear and this is a great way of identifying them.
As a minimum, you'll need to:
- Run through this guide completely and be comfortable with it
- Run through the student's guide completely, building and writing the programmes for as many of the activities and challenges as you can for the Python and micro:bit programming days
- Read through and practice all of the presentations - there are lots of notes on all of the presentations, but if you don't have much background knowledge about some of the parts you might want to do some extra reading in advance.
If you are working with more than one tutor, you will want to decide between yourselves how to split the tasks/explanations for all of the presentation sections.
Tutor Training Day
When you arrive for the tutor training day (at Winchester this will be before the students arrive, for other camps it will be a number of weeks before the first camp), we will go through some general things (like child protection training), but the bulk of the day will be on preparing yourself for teaching the course.
What will I receive?
If you are working at a non-residential venue you will receive a full set of parts (for the micro:bit programming), a few lockpicks to practice with, and links to all of the printed materials and presentations in digital form, which will allow you to complete all parts of the course. Please be sure to bring all of the equipment with you to the training day, as it will be required to send to the venues afterwards.
If you are working at a residential venue, you will not receive any parts, however you will still be able to go through the student guides and try creating all of the programs yourself. You will also be able to look through all of the presentations and printed materials etc. There will be ample equipment and time to try out the challenges during the first few days at camp.
How will we check that you are prepared?
We will expect you to:
- Explain to us some of the concepts in the tutor guide - i.e. you need to be able to tell us how the course is organised, what some of the important points are about safety and efficiently operating the courses, and be able to answer questions about these things intelligently!
- We'll ask you to show us some of your programs, both with the micro:bit and for the Python programming section.
- We will ask you to run through the delivery of the starts of some of the lessons, as detailed at the end of this guide, as if you were delivering the course for real.
What will we show you?
- You should have been able to try out everything in the student guides - we will of course be able to answer any further questions you may have, and give you some tips and tricks to improve your delivery of the course.
- There will be an opportunity to see and try out disarming the fake transmitters.
Pre-course Setup
- Setup and organise all of your supplies - make sure you have everything you are supposed to have
- Set out the initial equipment needed by the students (headphones, USB stick, notebook and pen). Other equipment and printed sheets should be handed out when you reach the appropriate section to keep things organised.
- If possible, have a separate set of desks for the students that is away from the computer area, to use during the presentation/activity sessions. This avoids them being distracted by the computers and they will focus much better on the presentations and worksheets.
Student Logins
All students will need to login to this online system to access the course material. They can login using the following details (everyone logs into the same account):
Username: cyberspyacademy@techcamp.org.uk
Password: techcamp
They can continue to login with these details to access the material at home after the course if they want to.
IT Systems Check
- Projector and presentation equipment is all working
- USB ports are enabled and micro:bit enumerates when plugged in
- Student login works for this website
- All videos work in the student guide
- Check following websites are available:
- https://makecode.microbit.org/
- youtube.com
- courses.techcamp.org.uk
- https://repl.it/languages/python3
Tech Camp Work Saving Policy
To minimise the possibility of lost files and work, and reduce the impact of campers losing their memory stick after the course, please follow these guidelines:
- Campers should create a folder in 'My Documents' on the computer they are working on for the week, and rename it to their full name
- They should use this as their working directory for the week, working from it and saving all of the things they make/use in that folder
- At the end of the week they should then just copy the entire folder onto their memory stick to take home
- This folder should be left on the machine after camp (machines are either imaged specially for us or we have our own logins depending on venue)
- This way, if a camper loses a memory stick after they leave there is a chance we can get their data back by just looking on the computer they were working on.
Rules for Students
- Take your time - the more you understand, the easier you'll find it to complete subsequent challenges.
- If something doesn't work, check through the wiring and programming (twice) and then get a friend to check as well before asking your tutor!
- Don't touch the components on the tutor tables,
- Keep your desk space tidy. Parts that are not being used should be kept in their bag/box, particularly at the end of each session. If you lose something, you'll need to find it!
Guidelines for Tutors
- Encourage the students to take their time and re-watch the videos/instructions if needed - the better they understand them, the more success they will experience and the more fun they will have.
- Encourage the students to always check their wiring and programming a couple of times if it doesn't work and then get a friend to check it as well. This will make your life much easier!
- If students tell you that they have lost something, make them find it - it will probably be on the floor, under a piece of paper/keyboard, etc
- Sometimes at Winchester, you need to plug the headphones into the computers before booting up, otherwise the sound won't work at all (will have a red cross in taskbar and not output until you reboot with headphones plugged in).
Themeing
Cyberspy Academy is quite different to most other Tech Camp courses - it is much more structured with a large amount of tutor led lessons interspersed with smaller individual and group activities.
Being specifically for younger campers, it is very important to not present the material in a dry way - they will get bored! A small amount of theatrical input and themeing will go a long way to making them invested in the concept and keen to learn without it feeling like school. Some suggestions:
- Keep the 'spying' theme as much as possible - try beginning sessions with ideas such as 'We're going to add some more spying skills to our spy arsenal by learning how to decode secret messages hidden in plain sight using UV light....' and so on.
- Use a big countdown timer on the projector (loads available online) for activities to add some suspense and time pressure
- Play some spy themed music during the more intense group challenges
- Create 'spy names' for each other as an icebreaker activity
- Try to ask lots of questions to the campers during the presentations to keep them interested and involved - if you want to add a bit more detail here and there to things you are particularly knowledgeable about then go for it!
These are just some suggestions - please feel free to add your own creativity and flair to add to the theme wherever possible!
Content
All of the presentations, printed materials and so on are available here: https://drive.google.com/drive/folders/1...
Please see also: Condensed Week Summary
Day 1
Session 1
What is Cryptography?
Introduction, presentation on history of code breaking, teaching about Caesar ciphers and individual cipher activities. All presentations for this session are in one powerpoint file, "#1 What is Cryptography'.
1.1.0
Introductions and Icebreakers (15-20mins)
Introduce yourself and the course, and get them excited by briefly describing some of the things they will be doing and learning during the week. Tell them a bit about your background and your specialist knowledge. Move onto a few icebreaker activities of your choice (which should be spy themed if possible!).
1.1.1
Presentation - History of Code Breaking (10 mins)
HOOK - To first get the students attention, the phrase ‘Semper Occults’ should be on the board. The class should be asked what they think it means. The phrase is the motto of the Secret Intelligence Service (MI6), Direct translation “Always Secret”. The tutor should convey to the students that the techniques they will learn on the course are the building blocks of secretive organisations around the globe. Really play on the spy aspect to keep the class interested. Proceed to run through the rest of the presentation as per the slide notes.
1.1.2
Activity - Caesar Cipher Basic (15 mins)
Hand out the cipher rings and the printed worksheets for the novice cipher challenge. Allow the students enough time to complete the challenges and help where necessary - stress that it will help them a lot later during the CTF if they are good at decoding Caesar Ciphers! These first examples are quite straightforward to answer.
1.1.3
Presentation - Famous Code Breakers (10 mins)
This part should inspire the students by learning about how the codebreakers of the past have made such an impact on the world we live in. The presentation should be short and sweet. Touching on some of the key figures in the history of cryptography as per the presentation - see the slide notes for more details.
1.1.4
Activity - Caesar Cipher Intermediate (20 mins)
Hand out the intermediate worksheet and assist the students where needed in completing it. This worksheet has messages to decode, but without knowing the ROT setting - they should use techniques such as frequency analysis and guessing small words etc. to figure out the ROT setting and decode the message. You will probably need to help them more for this one!
1.1.5
Presentation - Modern World of Code Breaking (15 mins)
It should be stressed during the lesson that the majority of these techniques are still used today, in conjunction with encryption technology, to “help protect YOUR information”. The Caesar Cipher is ROT13, still used to this day etc.
The presentation should also focus on the modern application of code breaking. How the governments of the world employee codebreakers to crack the communications of nation states, terrorist cells and criminal organizations. A few outfits worth discussing:
- GCHQ
- CIA
- Mossad
- MI6
- Police (Digital forensics)
Companies also use cryptography to protect customer information, client details and keep people safe from possible attackers. With the rise in the frequency of cyber-attacks, there is always a need for bright and dedicated individuals to lend their efforts to keep people and information out of malicious hands.
1.1.6e
Extension Activity - Caesar Cipher Master (20 mins)
If you have time, they can try the master cipher worksheet - these are quite difficult with no ROT setting given and no spaces or punctuation! You might not have time to complete this during the first session - if not it can be kept as an extension activity to be used later if needed in another session at any time.
Session 2
Depending on your students, you might want to swap this session with session 3 to alternate between presentations/worksheets and the micro:bit work.
“How hackable are you?”
General introduction to online security and privacy, and device security principles. All presentations for this session are in the powerpoint file '#2 How Hackable are You'.
1.2.1
Presentation - The importance of staying secure (10 mins)
HOOK - To first get the students attention, the phrase ‘Regnum Defende’ should be on the board. The class should be asked what they think it means. The phrase is the motto of MI5. Direct translation is “Defence of the Realm”. Relates to the current subject topic as the students should keep on top of their own security needs before learning about others. Discuss the points on the slides with the students using the slide notes.
1.2.2
Activity - Example devices security audit worksheet (20 mins)
Hand out the 'Securing Your Devices' worksheet and ask the students to complete the ranking of the devices from #1 (most secure) to #5 (least secure). Use a timer on the board for 5 minutes and then discuss the outcomes as a whole group once time has run out.
1.2.3
Presentation - ‘Under lock and key’ (10 mins)
A short section on how we can improve our online security using things like end to end encryption, dealing with public WiFi networks and other insecure communications.
1.2.4
Presentation - Securing passwords (15 mins)
All about passwords and good practice - students will then use the points in this part of the presentation to complete the next activity.
1.2.5
Activity - Securing passwords (15 mins)
Hand out the passwords worksheets, and help the students to complete them, promoting discussion and group work where necessary.
1.2.6e
Extension Activity - Caesar Cipher Envelope challenges (15 mins)
If time, students can use everything they have learnt in the first half day to try and decode one of the envelope challenges - 1 random envelope given to each student.
Session 3
Depending on your students, you might want to swap this session with session 2 to alternate between presentations/worksheets and the micro:bit work.
micro:bit Physical Security Devices
1.3.1
Physical Security - micro:bit Programming
This session uses the online guides on this site, to teach the campers some basic programming skills as they work through a series of projects, creating some simple devices at first and then moving on to increasingly complex physical security devices and alarms.
The set of take home parts should be laid out on each desk before the start of the session.
You should start by explaining:
- What they will be doing and some examples of the projects
- The concept of the online system - they should work through the projects in order, but they can go at their own pace and take as much or as little time as they need on each project
- You are there to help them when they get stuck - all of the information they need is in the guides
- How to login - (cyberspyacademy@techcamp.org.uk and techcamp on this website)
- How the guides work - multiple pictures per step, coloured bullet points relating to picture annotations, click on pictures for a larger version
- Concept of help flag system and carrying on trying to fix problems whilst waiting for help
- Do a simple micro:bit program (displaying a heart etc.) and show them how to download the HEX file and then transfer to the micro:bit.
Session 4
1.4.1
Physical Security - micro:bit Programming
Students should continue with their projects from before the break.
Day 2
Sessions 1-4
An introduction to Python programming using a series of online tutorials on the courses system, to design and create a progressively more complex ‘Cipher Assistant’ program for helping the students with the CTF activity.
Students should already know how to use the online system from the micro:bit activities on the previous day, so little explanation should be required here. Suggested things for a quick introduction:
- A quick summary of what they will achieve and why their program will be useful (will help them in the CTF on the last day)
- The concepts they learnt yesterday with blocks programming (loops, if statements etc.) are the same in Python, but just done with text instead of blocks.
- A quick 'Hello World' style demo using the online editor on the projector, to show them how to write code, then compile and run - they will see this again at the start of the first guide
- Get started - go through at your own pace just like before!
- Link to completed program (for tutor use only!) is here: https://repl.it/repls/StrictUpbeatBacken...
If they finish all of the tutorials (possible but unlikely - some bits are quite hard for the 9-13 age range!) they can always go back to the micro:bit programming, or try and add extra features to their program such as a password unlock to use the program (simple check against a variable), most custom ASCII art, writing encoding/decoding functions for other types of ciphers etc.
Day 3
Session 1
“A spot of phishing “
All about phishing emails, presentations and activities, online footprinting and spotting emails etc. All presentation parts are in powerpoint file "#3 A spot of Phishing'.
3.1.1
Presentation - What is phishing? (15 mins)
First part of the presentation covers what phishing is, some common examples, and some tips for spotting them. Also includes very funny youtube video of someone interacting with the scammer who sent them a phishing email.
3.1.2
Activity - How to spot phishing emails (15 mins)
Hand out the 'How to Spot Phishing Emails' worksheet - give them a 10 minute timer to discuss in pairs whether they think each one is a phishing or a legitimate email. Once the time is up, go through them on the projector - get the campers to vote on each one, and say why/why not it is a phishing email. Try and get them to notice the details that were talked about in the presentation.
3.1.3
Presentation - Tracking a digital footprint (10 mins)
Run through the footprinting part of the presentation, covering how people use footprinting to gather information about peoples' online identity, and how to reduce your own online footprint to limit the risk.
3.1.4
Activity - Footprinting activity, Companies (20 mins)
Hand out the 'Google-Fu - Companies' worksheet - explain that it is now up to them to try and complete footprinting on the companies on the sheet. It is amazing how much detailed information you can get very quickly! Use a timer again on the projector to keep things moving.
3.1.5
Presentation - What is spear phishing? (10 mins)
Continue the presentation for the section on spear phishing - there are lots of notes on the slides for this one, and plenty of opportunity for class discussions.
3.1.6e
Extension activity - Spear phishing, Google fu - Individuals (20 mins)
Hand out the 'Google fu - Individuals' worksheet, and 1 target from the sheets of 4 to each camper. Explain they are to gather information on the target, and craft an email to them to try and get them to click on a link - they can try to impersonate anybody they like to try and have the best result! If time, share each other's emails around and see what others think. Obviously these emails MUST NOT BE SENT!
Session 2
“Steganography 101”
Learning about steganography techniques, using some presentations and a few short activities on the courses system. All presentation parts are in '#4 What is Steganography'.
3.2.1
Presentation - What is Steganography (10 mins)
Run through first part of presentation - as always, try and ask lots of questions to the campers. A lot of the ideas here are simple but effective, so they will probably be able to come up with some ideas of their own.
3.2.2
Activity - Text based Steganography (20 mins)
Nothing to hand out here, all online on the courses system - activity around hiding sentences in a letter using word. If you have time, have a look at each other's letters and discuss how they did. You might want to run through the command line part of this tutorial as a group on the projector as some younger students can find this quite difficult!
3.2.3
Presentation - Modern Steganography techniques (10 mins)
Continue presentation with a discussion of more modern methods of steganography.
3.2.4
Activity - Modern steganography exercise (20 mins)
Again, all online and nothing to hand out - student s should follow guide on courses system.
3.2.5e
Extension Activity - further online steganography tools
Students can search online and try some different automated tools for creating steganography images and more - for example mobilefish.com, just search google! Students can try sending secret messages to each other and see if they can decode them using different steganography techniques!
Session 3
3.3.1
Physical Security - micro:bit Programming
Students should continue with their projects from yesterday.
Session 4
3.4.1
Physical Security - micro:bit Programming
Students should continue with their projects from before the break/yesterday.
Day 4
Session 1
CTF Skills #1
Learning about what a CTF is, and some basic principles followed by binary and hexadecimal puzzles. All of the presentation slides are in the powerpoint file 'What is a CTF'. At any point during this day, the micro:bit, Python programming and lockpicking activities can be used as extension activities, or as a change of scene if required.
4.1.1
Presentation - What is a CTF? (10 mins)
The tutor will go over what a capture the flag event is. Mentioning that a lot of employers in the industry (MWR, Sky scanner, Barclays and Security services like GCHQ) use them as recruiting events to find the best and brightest. Teams of hackers battling it out to crack the greatest number of puzzles as quickly as possible. Some puzzles are worth more because they are more difficult. (For a quick explanation, like the snitch in quidditch). Cover a few of the more well known CTFs as the majority of the ones hosted by the big companies often lead to job opportunities (For example, the Deloitte CTF 2018)
4.1.2
Activity - Lockpicking (20 mins)
Students can now start practising their lockpicking - again it is important as they will need it to solve the CTF challenges tomorrow! Give a brief overview of the idea and principles, then the campers can use the lockpicking guide in the online system to get started. You should have a good practice of this yourself in advance - it does take some practice! Encourage them to work on the large see through locks first, then the small brass ones, and then the large brass ones. YouTube has loads of videos on picking all sorts of different types of locks if they want to experiment with some of the more esoteric ones.
4.1.3
Presentation - How to win a CTF (10 mins)
Run through the next set of slides detailing some techniques for winning a CTF - try and get them excited about doing well in the upcoming competition as best as you can!
4.1.4
Activity - Binary Puzzles (20 mins)
Next is the binary puzzles activity on the online system, which shows them how to count in binary amongst other things. Again, they will need this for the CTF!
4.1.5
Presentation - “Hacker Skillz” (10 mins)
Run through the rest of the presentation slides, which gives an overview of how they could go on to learn more in depth skills in their own time after the course.
4.1.6
Activity - Hexadecimal puzzles (20 mins)
Now explain the last activity of the session - some hexadecimal puzzles which are all on the online system. Do a quick explanation of what hexadecimal numbers are, and why we have them before they get started on the activity.
Session 2
Thinking like a hacker
Some more puzzles and ideas about how hackers think, historical hackers and what hacking actually is compared to films and so on. All of the presentation slides are in the '#2 Thinking Like a Hacker' power point.
4.2.1
Presentation - Fact Vs Fiction pt1 (10 mins)
Run through the first set of slides on the presentation, to give the class an idea of how hackers think. Looking at what the world thinks a hacker Is and if these stereotypes hold up to the truth. Comparing what the movies think hacking is to what hacking really is. Some really interesting material could be used, talking though a few ‘hackery’ movie scenes and separating the fact from the fiction.
4.2.2
Activity - Hexadecimal puzzles pt 2 (20 mins)
Students can progress onto the second hexadecimal puzzles activity on the online system.
4.2.3
Presentation - Famous hackers & how they got caught (10 mins)
Another more 'real world' look at what hackers have actually achieved in the past, and what happened to the ones that didn't play by the rules!
4.2.4
Activity - Binary to Hex (20 mins)
Campers can now complete the final binary/hex activity on the online system to bring together everything they have learnt so far.
4.2.5
Presentation - Hackers in the real world (10 mins)
Final part of the presentation about what hacking is about right now.
4.2.6e
Extension Activity - Physical Devices/Python Programming/Lockpicking
If there is any time left, students can continue with any of the physical devices or python activities from earlier in the course.
Session 3
Team building
Creating the teams for the CTF, and doing some teambuilding exercises as teamwork will be very important to do well in the challenge. All of the slides for this section are in the '#3 Team Building' presentation.
4.3.1
Presentation - Importance of teamwork (10 mins)
Run through the first few slides and group discussions about teamwork - it is very important for a CTF to work well in a team as all members will generally have different skills.
4.3.2
Activity - Team creation and simple teamwork exercises
Tutor will put students into teams (max 4 per team), and these will be the teams they compete in for capture the flag tomorrow.
Complete the first task about getting to know someone else in the team on slide 11 of the presentation.
Next get them to work on their 'save the world' proposal as a team - they must come up with 1 proposal together and then present it to the other teams.
Finally, they should come up with their team name, leadership structure and individual hacker aliases as detailed on slide 15.
4.3.3
Activity - Team work exercises (20 mins)
Each team should try the two extra teambuilding activities on the online system - the minefield and blind drawing exercises.
==== 4.3.4 ===
Presentation - What is white hat hacking? (10 mins)
Go through the final part of the presentation, which details the role of the white hat hacker.
4.2.5e
Extension Activity - free form team building activities (up to you!)
If you have any time left, the students can try some more team building activities of your choice (have a look in advance).
Session 4
Actual hacking Tools and the Command Line
A quick presentation on actual tools used by hackers and how to learn enough to become one, followed by a basic tutorial on command line 101. Presentation is all in '#4 Actual Hacking Tools'.
4.4.1
Presentation - Fact Vs Fiction pt 2, How to become a white hat hacker (20 mins)
Run through the final presentation - meant to be just a quick overview of the kinds of tools that hackers actually use, in preparation for a command line tutorial next.
4.4.2
Activity - Command line tutorials (60 mins)
They should go to the link at the end of the presentation (https://www.codecademy.com/courses/learn...) to start the command line tutorial on Codecademy. They will need to create an account, but can make up an email address if they don't have one as you don't need to validate it to start coding. We suggest you run through the tutorial in advance if you aren't very familiar with the Linux command line - it is quite straightforward and very well laid out with lots of help, but they will probably still get stuck! They can continue this for as long as they like (or until the end of the session anyway).
4.4.3e
Extension Activity: micro:bit/Python/lockpicking
If they finish the command line tutorials very quickly or want to move onto something else, again they can go back to any of the previous longer activities if they want to, but they should try and complete the first few sections of the Codecademy course to get a flavour for it.
Day 5
The final day consists of a series of capture the flag challenges, designed to use everything the students have learnt over the course for them to solve a variety of puzzles in teams. For this section, themeing the sessions like a spy operation is especially important to get the campers engaged with the concept - they will also really enjoy it!
Here are the solutions to each of the puzzles as detailed below for reference:
Session 1
signal = signalreceived@protonmail.com
password = hellodearfriend
Spy - Adam Lomax
Session 2
spy = overwatch
email: epnagey@protonmail.com
password: foxhound
Session 3
traitor = buzzard
email: HiddenBuzzard@protonmail.com
password: OperationIndigo
Session 4
email: onelastfavour@protonmail.com
password: yancahpaehifeicieehare
Session 1
Operation - I-Spy
Students are given a personal file for three suspects and an encrypted communication. The students must investigate the communication and decode it to reveal key information. Using this piece of evidence, they are able to piece together some information about the spy’s true identity. Students then pick the traitor out of three possible suspects.
For these challenges you will need to split the students into appropriate teams of a maximum size of 4.
5.1.1
- Presentation - Briefing (10 mins) ***
Each session contains a CTF challenge that the students must complete. These challenges lead on from one another to complete a small spy themed story line. Ensure that you read over the briefing slides to know what information you will be able to tell the students. Also test the puzzles yourself to improve your understanding of the tasks!
After the presentation, provide the students with the lockbox and the envelope containing the 3 suspects (Adam Lomax, Alan Longcross and Alexis Lekovich), one lockbox and suspect envelope per team.
5.1.2
Activity - Padlock box (10 - 15 mins)
The students must break open a certain amount of padlocks before gaining access to the contents of the box. The number of padlocks required should be decided by the Tutor depending on the lockpicking abilities - at least 1 lock per student is advised. Once the locks have been opened, the students can then access the encrypted message inside of the box
5.1.3
Activity - Envelope 1: Caesar basic (15 mins)
Inside the lockbox, is an envelope with an encrypted document inside (Making Contact). The students must decode the document and learn information that will be used to determine the identity of the spy.
PRIOR TO CHALLENGE
Write the number 22 in binary (10110) in invisible ink on the envelope or the back of the document. If the students are having difficulty with decoding it, you can use this hint to help move things along as this is the ROT setting they need to decode the document. Remember to try and deliver the hint with the theme of espionage ("intel suggests there may be a hidden clue on the back of the document etc.")
Have cyberchef (https://gchq.github.io/CyberChef/) open in case you need to make any last minute adjustments or create an extension task
5.1.4
Activity - Examining suspects (10 mins)
The 3 suspect profiles will be examined by the students in conjunction with the decoded document. The students should be able to determine which suspect is the spy from the information they gather from the decoded communication and the information about the 3 suspects on their files.
5.1.5
Activity - Access email account (20 mins)
There is a table with black and white squares at the bottom of the document. When decoded, (each row is a binary number that converts into an ASCII letter) this provides a password (hellodearfriend) for the email account (signalreceived@protonmail.com) mentioned in the document. Bonus points should be awarded to the team with enough ingenuity to login to the account and access the message in the draft section of the email account.
Decoded password and email address for this task can be found in the solutions.txt file in the Day 5 folder.
5.1.6
Presentation - Debrief (10 mins)
After the challenge is complete, or there is 15 mins till the end of the session, call for the challenge to end. Use a large on screen timer for this challenge to provide a sense of tension. Reveal if they have guessed who the traitor was and tell them all the clues that hinted to the spy's identity.
Decide which team won the challenge in terms of team work, effectiveness, creativity and (of course) the amount of evidence collected. Award 1 point to the winner of each challenge (1 challenge per session). Team with the most points at the end of the day wins the CTF!
Provide 5 minutes for the students to tidy up before the end of the session.
Session 2
Find the Meeting Location, AKA Operation Dead-Drop
The previous operation challenge revealed that the spy was communicating with a black-market dealer. The students now have to investigate the spy and determine where and when they will meet with the dealer. A new set of encoded documents were ‘seized’ from the suspects residence, which provide information about an email account.
The students then use the information to find the password to the account and examine the encrypted communications between the suspect and the dealer.
5.2.1
Briefing (10 mins)
See above for the overall review but the slides should be viewed prior to delivering the presentation, to ensure the tutor has a complete understanding of the task the students will complete.
5.2.2
Activity - Envelope #2: Word search (15 mins)
Students must complete the word search and follow the instructions to get the email address. Used in conjunction with the password found in the next challenge, they will be able to access the email account.
The email account relevant to this challenge is epnagey@protonmail.com
5.2.3
Activity - Envelope #2: Evidence set #2 (10 mins)
Students need to solve the binary puzzle on the second sheet in the envelope to find the password to the email account. It also provides the students with an ROT key value that can be used to decode a puzzle later on in the challenge. Once they have the password and email, they should log into the account:
epnagey@protonmail.com
Ensure that no team tamper with the evidence by changing emails on the account and ruin the puzzle for other players.
5.2.4
Activity - Meeting place for the old reunion (10 mins)
Document 1/2 from the email account. This is a relatively simple puzzle that reveals the location of the meeting place. The solution is found by looking at the first letter of each item on the menu.
5.2.5
Activity - Thank you for your reservation at the Barfina (10 mins)
This can be found inside of the epnagey@protonmail.com drafts folder. The students download this file to analyse it.
Hidden text inside of the bar menu, found using basic stenographic technique. Can be decoded using the cipher key discovered previously. Once decoded, it reveals a sign and counter sign that the traitor and spy would use when they meet. Reveal the text by displaying hidden text in the opened file as per the online tutorial on basic stenography. Revealed text hidden in the menu will be in a Caesar cipher which can be decoded using the key found in the previous document, which when decoded reads:
''
Hello my friend, hopefully you are well. When we meet, be sure to ask "Can i borrow your news paper?" To which i will reply with "of course, may i borrow a match?". your final response should be "sorry, i prefer matches". Answer this way and i know you aren't wearing a bug.''
When marking the challenge, students should act out this exercise of how the spies would meet with the countersigns. Award bonus points for the best performance!
5.2.6
Debrief
Be sure to run through the solutions, answer any questions about the task and award points based on the criteria established in session 1.
Session 3
Identify the Traitor AKA "Operation Trojan Horse
Once the location of the meet was established, the students then investigate who the black market dealer is. The students are given the known characteristics of the dealer and 3 possible identities. Footprinting is required to find proof of these characteristics in one of the identities and rule out the other two. Confirming the dealer’s identity means accessing the email account used by the dealer and finding the previous email communications sent from the rouge spy.
5.3.1
Briefing
See above for the overall review but the slides should be viewed prior to delivering the presentation to ensure the tutor has a complete understanding of the task the students will complete.
5.3.2
Activity - Researching targets - (30 mins)
The students have to research all three suspects as detailed in the presentation and record them on the empty fact files provided, and then compare the information they find with the information they have on the dealer. Bonus points for students with the most comprehensive profile.
The primary focus for the students should be identifying who the dealer is (Ben!) and finding the relevant evidence to support their claims. Once they have this evidence, they will present their findings to the tutor and receive the next part of the puzzle.
5.3.3
Activity - Decode project plans - (30 mins)
Print off an appropriate amount of the following email to put inside each envelope:
HiddenBuzzard@protonmail.com
Be sure to print off a few spares too!
The students are then provided with the next piece of evidence, containing assorted documents (Traitor Plans document). The students must place the documents on top of each other in the right order to reveal a hidden password (OperationIndigo) produced at the bottom by combining the letters on each sheet.
The tutor should add page numbers in hex with the invisible ink pen. These can be used to help the students order the documents correctly but still providing them with a bit of challenge.
Ensure that students do not use an online decoder for this task.
The password is used to log in to the target email address (email: HiddenBuzzard@protonmail.com). From there they are able to double check the identity of the traitor (login name of Ben in the top right!)
Session 4
Patching the leak
Students have successfully identified all the threats and they have been arrested. The first part of this session will involve the students making an info-graphic to detail how the UK government can keep their systems secure to ensure this never happens again.
The session will then be interrupted with an "Emergency Briefing" to detail that traitor who stole the list had a back up plan to automatically sell the list if he was arrested. The students then work through some evidence to determine how to stop the sale of the NOC list.
5.4.1
Briefing - Patching the leak - (10 mins)
A briefing that catches students up on how the traitors have been arrested and where they are now. Also focuses on "Next steps" that the students should encourage the government to do to secure the system.
5.4.2
Data leakage infographic - (20 mins)
Students then work on an infographic that highlight these changes. Ensure all students are contributing to the task. Of course this is really a semi-theatrical distraction for them to make them think that the CTF tasks are over!
5.4.3
Emergency Briefing - (10 mins)
This briefing informs the student of the NOC list being sold today. Ensure to give this session with a sense of drama a flare to keep them engaged. This is the big finale of the entire CTF.
At the end of the presentation, provide the students with Envelope #4, Traitor's backup plan (coded).
Double check the cipher key with the decoded version before the task!
5.4.4
Caesar - Difficult (20 mins)
Students then work through the envelope challenge to decode it and gain access to the email account provided:
email: onelastfavour@protonmail.com
password: yancahpaehifeicieehare
Once accessed, they will be able to find the location of the transmitter in the draft email section. There will be 3 sets of possible coordinates for the transmitter they will have to put into Google Maps - one of them will be where they are!
Once they know the transmitter is close, give them hints to look in different rooms/cupboards close to the room you are in which you have planted before the start of the challenge.
The transmitter (locked inside the toolbox) should be in a separate room from the work room from the start of the challenge so that the students do not know it exists.
5.4.5
Lock Box - (10 mins)
Each student in the team should unlock 1 lock before they are allowed to open the box with the transmitter in.
5.4.5
Disarming the transmitter - (20 mins)
Inside the lockbox is the transmitter responsible for hosting the online sale of the NOC list.
There are 6 different wires attached to the device. 3 are used to disarm the device and the other 3 are used trigger the transmitter.
Be sure to test what each wired does BEFORE running this session.
To disarm the device, the students must take out and detach 3 correct wires. The students have 20 minutes to disarm the transmitter as shown from the countdown on the device. The countdown is trigger when the transmitter is both shaken and in a bright environment (i.e. taken out of the box).
Each time they detach a wrong wire, the device will flash red and the timer will speed up. Detach all 3 wrong wires and the students fail the mission!
Set up:
Get a piece of paper and write the colour of each wire, that sets the transmitter off, in binary. Be sure to write the instructions in invisible ink to really sell the whole spy theme. Also use the binary to text ASCII alphabet to ensure they can easily reverse engineer the puzzle.
Once the students decode the instructions, they will know what wires set off the device. Hence they know what wires NOT to detach. Using a simple process of elimination, they know what wires to detach. Give them hints so that they work this out if they get this the wrong way around and think the colours on the paper are the wires to disarm the device - e.g., why would the traitor leave instructions on how to disarm the device!
Once the students disarm the device, they win the game and finish the CTF! (this is a good time to hand out badges)
Detaching wires:
Be sure to unscrew the screw attached to the corresponding wire to "detach" the wire. Ensure that students do not just rip the wires out! Also they have to use a screwdriver which makes it more exciting.
Packing Up
Your supplies should always be packed up as neatly as they came! This means:
- Spares are in labelled bags, and grouped in bigger bags. Please collect and bag any leftover construction kit parts that the campers leave behind, especially any white brackets - these are expensive 3D printed parts that should certainly not go in the bin!
- There should be no bags of unsorted components
- Mats neatly put away and folded flat, with any excess PVC tape removed.