This is the repo for cybershield, where challenges will be uploaded

Remember to clone with submodules:

git clone https://github.com/nkcyber/Cybershield.git --recurse-submodules

If you forgot, run this:

git submodule update --init --recursive

• All flags should be wrapped in cybershield{}

Some challenges benefit from having hosted web services.

All challenges must be part of the docker-compose.yml in the root of this project.

Running docker compose up --build should build and start all challenges, and CTFd.

All services should expose a port number in the range 6000-9000. All challenges can assume a subdomain of go.nkcyber.org.

• Web challenges are using ports 6000-6999.
• Reverse Engineering Challenges are using ports 7000-7999

If a service has a Dockerfile, then it can be added to the docker-compose.yml like this:

services:
    # ... other services here ...
    name-of-service:
        build: ./path/to/challenge/folder # root of Dockerfile
        ports:
            - "8080:8080" # PORT_ON_HOST:PORT_IN_CONTAINER

If a service has a docker-compose.yml, it can be included at the top like this:

include:
  - path:
    - ./path/to/docker-compose.yml

• rev
  • 01-strings - strings, nc
  • 02-strings - xxd, nc
  • 03-speedrun - python3, vscode, pwntools, vim, nc
  • 05-cobol - nc
  • 06-headbashing - nc General: sudo apt install python3-pycryptodome

• Zack
• Fenix
• Carson
• Patrick
• Marlowe

• Sangu Students: February 21st
• Highschool event: March 7th

Are you trying to deploy a non-http challenge on NKCyber servers?

We've had issues with that in the past, so we've used digital ocean droplets.

Are the jails not running on your Ubuntu system? Check out:

google/nsjail#236 (comment)

sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0