Cybersecurity games: Diptendu Kar’s Capture the Flag journey
Mon 04.08.24 / Attrayee Chakraborty
Cybersecurity games: Diptendu Kar’s Capture the Flag journey
Mon 04.08.24 / Attrayee Chakraborty
Mon 04.08.24 / Attrayee Chakraborty
Mon 04.08.24 / Attrayee Chakraborty
Cybersecurity games: Diptendu Kar’s Capture the Flag journey
Mon 04.08.24 / Attrayee Chakraborty
Cybersecurity games: Diptendu Kar’s Capture the Flag journey
Mon 04.08.24 / Attrayee Chakraborty
Mon 04.08.24 / Attrayee Chakraborty
Mon 04.08.24 / Attrayee Chakraborty
Diptendu Kar’s path to cybersecurity came about through an unexpected personal experience — falling victim to data deletion.
“When I found out that my external hard drive was suddenly wiped, I was stunned,” Kar says. “After some research, I realized that data can actually be retrieved, and so my journey into cybersecurity began.”
While working towards his cybersecurity master’s degree at Northeastern University, which he completed in December, Kar delved deep into the realms of critical thinking through an exercise called Capture the Flag (CTF). CTFs are dynamic cybersecurity competitions where teams engage in challenges, such as finding hidden text strings in intentionally vulnerable systems, breaking into websites, or identifying software vulnerabilities. CTF competitions have long been a popular method to test technical knowledge and build problem-solving skills, including in cybersecurity courses at Northeastern.
Kar, who now works as a security researcher at Semgrep, had heard of CTFs during his undergrad days prior to arriving at Northeastern.
“I remember being able to solve only one as a beginner,” Kar recalls, “but found myself playing whenever I would have time to practice this art.”
Intrigued, Kar watched YouTube and Twitter gurus like LiveOverflow to learn more. Before long, he found himself participating in every CTF he could find — more than 70 in total — and went on to achieve top 15 finishes in a handful of events, including second place in TexSAW 2023 at UT Dallas and eighth place in the MITRE STEM CTF Cyber Challenge 2022.
In completing challenges based on cryptography and binary exploitation, Kar realized that CTFs were a good way for students to develop and apply their problem-solving skills. These skills also mapped well to the courses he’d taken, especially those on software vulnerabilities, systems security, and network security.
“Solving CTFs is like solving a technical puzzle,” Kar says. “Just like a puzzle, CTFs require practical application of critical thinking skills and tools taught at Northeastern. Plus, it adds immense value to your resume!”
And for beginner-level CTFs in particular, Kar says that learning technical skills is essential.
“The idea is to engage participants in the quest,” Kar says. “It’s essential to use trial and error, process of elimination, and Googling to explore which solutions may be applicable.”
After competing and improving his skills for two years, Kar decided to share the benefits with his fellow Northeastern students. During his time as a teaching assistant for Khoury College’s “Computer System Security” course, Kar created a CTF-style assignment. When he TAed for “Foundations of Information Assurance,” his students took an interest in his CTF expertise. Then, for his master’s capstone project, Kar partnered up with Derek Ng, a fellow CTF enthusiast.
“When Professor [Jose] Sierra reached out to me asking to design CTF challenges for clubs at Northeastern, I was excited,” Kar says. “With Derek’s help, we went on to create different categories of CTFs for various participation levels.”
The journey culminated in November with CasualCTF, a Northeastern CTF competition co-organized by Kar, Ng, the Northeastern chapter of Women in Cybersecurity (WiCYS) and NU’s VICEROY DECREE institute. After another CTF club at Northeastern, NEU CTF Club, reached out to Sierra, Kar quickly began designing CTF challenges for SubZ3r0, a collaboration between NEU CTF Club, WiCYS, and NUSec. Though it recorded great attendance, Kar says there were several challenges to designing a CTF from scratch.
READ: From scholarships to cross-university classes, VICEROY preps Khoury students for cyber defense
“Balancing motivation with difficulty was the major challenge,” Kar says. “We had to keep in mind that students from all levels would be attending, and that we needed to hit a sweet spot in terms of how challenging the questions were.”
Now graduated, Kar hopes that Northeastern students will continue to expand the university’s CTF offerings.
“There should be a pipeline of students handing over the baton when they graduate,” Kar says. “Only then can we ensure that CTFs become integrated in the world of budding cybersecurity professionals.”
Diptendu Kar’s path to cybersecurity came about through an unexpected personal experience — falling victim to data deletion.
“When I found out that my external hard drive was suddenly wiped, I was stunned,” Kar says. “After some research, I realized that data can actually be retrieved, and so my journey into cybersecurity began.”
While working towards his cybersecurity master’s degree at Northeastern University, which he completed in December, Kar delved deep into the realms of critical thinking through an exercise called Capture the Flag (CTF). CTFs are dynamic cybersecurity competitions where teams engage in challenges, such as finding hidden text strings in intentionally vulnerable systems, breaking into websites, or identifying software vulnerabilities. CTF competitions have long been a popular method to test technical knowledge and build problem-solving skills, including in cybersecurity courses at Northeastern.
Kar, who now works as a security researcher at Semgrep, had heard of CTFs during his undergrad days prior to arriving at Northeastern.
“I remember being able to solve only one as a beginner,” Kar recalls, “but found myself playing whenever I would have time to practice this art.”
Intrigued, Kar watched YouTube and Twitter gurus like LiveOverflow to learn more. Before long, he found himself participating in every CTF he could find — more than 70 in total — and went on to achieve top 15 finishes in a handful of events, including second place in TexSAW 2023 at UT Dallas and eighth place in the MITRE STEM CTF Cyber Challenge 2022.
In completing challenges based on cryptography and binary exploitation, Kar realized that CTFs were a good way for students to develop and apply their problem-solving skills. These skills also mapped well to the courses he’d taken, especially those on software vulnerabilities, systems security, and network security.
“Solving CTFs is like solving a technical puzzle,” Kar says. “Just like a puzzle, CTFs require practical application of critical thinking skills and tools taught at Northeastern. Plus, it adds immense value to your resume!”
And for beginner-level CTFs in particular, Kar says that learning technical skills is essential.
“The idea is to engage participants in the quest,” Kar says. “It’s essential to use trial and error, process of elimination, and Googling to explore which solutions may be applicable.”
After competing and improving his skills for two years, Kar decided to share the benefits with his fellow Northeastern students. During his time as a teaching assistant for Khoury College’s “Computer System Security” course, Kar created a CTF-style assignment. When he TAed for “Foundations of Information Assurance,” his students took an interest in his CTF expertise. Then, for his master’s capstone project, Kar partnered up with Derek Ng, a fellow CTF enthusiast.
“When Professor [Jose] Sierra reached out to me asking to design CTF challenges for clubs at Northeastern, I was excited,” Kar says. “With Derek’s help, we went on to create different categories of CTFs for various participation levels.”
The journey culminated in November with CasualCTF, a Northeastern CTF competition co-organized by Kar, Ng, the Northeastern chapter of Women in Cybersecurity (WiCYS) and NU’s VICEROY DECREE institute. After another CTF club at Northeastern, NEU CTF Club, reached out to Sierra, Kar quickly began designing CTF challenges for SubZ3r0, a collaboration between NEU CTF Club, WiCYS, and NUSec. Though it recorded great attendance, Kar says there were several challenges to designing a CTF from scratch.
READ: From scholarships to cross-university classes, VICEROY preps Khoury students for cyber defense
“Balancing motivation with difficulty was the major challenge,” Kar says. “We had to keep in mind that students from all levels would be attending, and that we needed to hit a sweet spot in terms of how challenging the questions were.”
Now graduated, Kar hopes that Northeastern students will continue to expand the university’s CTF offerings.
“There should be a pipeline of students handing over the baton when they graduate,” Kar says. “Only then can we ensure that CTFs become integrated in the world of budding cybersecurity professionals.”
Diptendu Kar’s path to cybersecurity came about through an unexpected personal experience — falling victim to data deletion.
“When I found out that my external hard drive was suddenly wiped, I was stunned,” Kar says. “After some research, I realized that data can actually be retrieved, and so my journey into cybersecurity began.”
While working towards his cybersecurity master’s degree at Northeastern University, which he completed in December, Kar delved deep into the realms of critical thinking through an exercise called Capture the Flag (CTF). CTFs are dynamic cybersecurity competitions where teams engage in challenges, such as finding hidden text strings in intentionally vulnerable systems, breaking into websites, or identifying software vulnerabilities. CTF competitions have long been a popular method to test technical knowledge and build problem-solving skills, including in cybersecurity courses at Northeastern.
Kar, who now works as a security researcher at Semgrep, had heard of CTFs during his undergrad days prior to arriving at Northeastern.
“I remember being able to solve only one as a beginner,” Kar recalls, “but found myself playing whenever I would have time to practice this art.”
Intrigued, Kar watched YouTube and Twitter gurus like LiveOverflow to learn more. Before long, he found himself participating in every CTF he could find — more than 70 in total — and went on to achieve top 15 finishes in a handful of events, including second place in TexSAW 2023 at UT Dallas and eighth place in the MITRE STEM CTF Cyber Challenge 2022.
In completing challenges based on cryptography and binary exploitation, Kar realized that CTFs were a good way for students to develop and apply their problem-solving skills. These skills also mapped well to the courses he’d taken, especially those on software vulnerabilities, systems security, and network security.
“Solving CTFs is like solving a technical puzzle,” Kar says. “Just like a puzzle, CTFs require practical application of critical thinking skills and tools taught at Northeastern. Plus, it adds immense value to your resume!”
And for beginner-level CTFs in particular, Kar says that learning technical skills is essential.
“The idea is to engage participants in the quest,” Kar says. “It’s essential to use trial and error, process of elimination, and Googling to explore which solutions may be applicable.”
After competing and improving his skills for two years, Kar decided to share the benefits with his fellow Northeastern students. During his time as a teaching assistant for Khoury College’s “Computer System Security” course, Kar created a CTF-style assignment. When he TAed for “Foundations of Information Assurance,” his students took an interest in his CTF expertise. Then, for his master’s capstone project, Kar partnered up with Derek Ng, a fellow CTF enthusiast.
“When Professor [Jose] Sierra reached out to me asking to design CTF challenges for clubs at Northeastern, I was excited,” Kar says. “With Derek’s help, we went on to create different categories of CTFs for various participation levels.”
The journey culminated in November with CasualCTF, a Northeastern CTF competition co-organized by Kar, Ng, the Northeastern chapter of Women in Cybersecurity (WiCYS) and NU’s VICEROY DECREE institute. After another CTF club at Northeastern, NEU CTF Club, reached out to Sierra, Kar quickly began designing CTF challenges for SubZ3r0, a collaboration between NEU CTF Club, WiCYS, and NUSec. Though it recorded great attendance, Kar says there were several challenges to designing a CTF from scratch.
READ: From scholarships to cross-university classes, VICEROY preps Khoury students for cyber defense
“Balancing motivation with difficulty was the major challenge,” Kar says. “We had to keep in mind that students from all levels would be attending, and that we needed to hit a sweet spot in terms of how challenging the questions were.”
Now graduated, Kar hopes that Northeastern students will continue to expand the university’s CTF offerings.
“There should be a pipeline of students handing over the baton when they graduate,” Kar says. “Only then can we ensure that CTFs become integrated in the world of budding cybersecurity professionals.”
Diptendu Kar’s path to cybersecurity came about through an unexpected personal experience — falling victim to data deletion.
“When I found out that my external hard drive was suddenly wiped, I was stunned,” Kar says. “After some research, I realized that data can actually be retrieved, and so my journey into cybersecurity began.”
While working towards his cybersecurity master’s degree at Northeastern University, which he completed in December, Kar delved deep into the realms of critical thinking through an exercise called Capture the Flag (CTF). CTFs are dynamic cybersecurity competitions where teams engage in challenges, such as finding hidden text strings in intentionally vulnerable systems, breaking into websites, or identifying software vulnerabilities. CTF competitions have long been a popular method to test technical knowledge and build problem-solving skills, including in cybersecurity courses at Northeastern.
Kar, who now works as a security researcher at Semgrep, had heard of CTFs during his undergrad days prior to arriving at Northeastern.
“I remember being able to solve only one as a beginner,” Kar recalls, “but found myself playing whenever I would have time to practice this art.”
Intrigued, Kar watched YouTube and Twitter gurus like LiveOverflow to learn more. Before long, he found himself participating in every CTF he could find — more than 70 in total — and went on to achieve top 15 finishes in a handful of events, including second place in TexSAW 2023 at UT Dallas and eighth place in the MITRE STEM CTF Cyber Challenge 2022.
In completing challenges based on cryptography and binary exploitation, Kar realized that CTFs were a good way for students to develop and apply their problem-solving skills. These skills also mapped well to the courses he’d taken, especially those on software vulnerabilities, systems security, and network security.
“Solving CTFs is like solving a technical puzzle,” Kar says. “Just like a puzzle, CTFs require practical application of critical thinking skills and tools taught at Northeastern. Plus, it adds immense value to your resume!”
And for beginner-level CTFs in particular, Kar says that learning technical skills is essential.
“The idea is to engage participants in the quest,” Kar says. “It’s essential to use trial and error, process of elimination, and Googling to explore which solutions may be applicable.”
After competing and improving his skills for two years, Kar decided to share the benefits with his fellow Northeastern students. During his time as a teaching assistant for Khoury College’s “Computer System Security” course, Kar created a CTF-style assignment. When he TAed for “Foundations of Information Assurance,” his students took an interest in his CTF expertise. Then, for his master’s capstone project, Kar partnered up with Derek Ng, a fellow CTF enthusiast.
“When Professor [Jose] Sierra reached out to me asking to design CTF challenges for clubs at Northeastern, I was excited,” Kar says. “With Derek’s help, we went on to create different categories of CTFs for various participation levels.”
The journey culminated in November with CasualCTF, a Northeastern CTF competition co-organized by Kar, Ng, the Northeastern chapter of Women in Cybersecurity (WiCYS) and NU’s VICEROY DECREE institute. After another CTF club at Northeastern, NEU CTF Club, reached out to Sierra, Kar quickly began designing CTF challenges for SubZ3r0, a collaboration between NEU CTF Club, WiCYS, and NUSec. Though it recorded great attendance, Kar says there were several challenges to designing a CTF from scratch.
READ: From scholarships to cross-university classes, VICEROY preps Khoury students for cyber defense
“Balancing motivation with difficulty was the major challenge,” Kar says. “We had to keep in mind that students from all levels would be attending, and that we needed to hit a sweet spot in terms of how challenging the questions were.”
Now graduated, Kar hopes that Northeastern students will continue to expand the university’s CTF offerings.
“There should be a pipeline of students handing over the baton when they graduate,” Kar says. “Only then can we ensure that CTFs become integrated in the world of budding cybersecurity professionals.”