Supported Challenge Types
This document outlines the currently supported and planned challenge types in EDUrange Cloud. The platform continues to evolve to support a broader range of educational opportunities beyond traditional CTF competitions.
Currently Supported Challenge Types
Full Virtualized OS (Command Shell Access)
- Description: Provides a complete virtualized operating system environment with command shell access
- Use Cases: File system exploration, command line challenges, basic system administration
- Implementation: Uses a containerized OS (typically Debian-based) with the Remote-Terminal for access
Web Challenges
- Description: Web-based challenges focusing on web application security
- Use Cases: SQL injection, XSS, CSRF, and other web vulnerabilities
- Implementation: Uses containerized web servers with vulnerable applications
SQL Injection Challenges
- Description: Specialized database challenges focusing on SQL injection vulnerabilities
- Use Cases: Database security, input validation, query manipulation, authentication bypass
- Implementation: Uses containerized database servers with vulnerable web interfaces for SQL interaction
- Key Features:
- Interactive SQL interface for query execution
- Database visualization tools
- Progress tracking through multiple vulnerability types
- Comprehensive learning material on SQL injection techniques
Attack/Defend
- Description: Challenges where users must both attack a vulnerable system and defend their own
- Use Cases: Network security, penetration testing, system hardening
- Implementation: Uses multiple containers (attack and defense) with Metasploit integration
In Development
Jailed Virtualized OS (Command Shell Access)
- Description: Restricted virtualized environment with limited command access
- Use Cases: Privilege escalation, container escape challenges
- Implementation: Uses containerized OS with restricted permissions and escape monitoring
Packet Analysis
- Description: Network packet capture and analysis challenges
- Use Cases: Network forensics, protocol analysis, traffic monitoring
- Implementation: Uses WebShark, a browser-based packet analysis tool
- Status: Currently in Alpha stage, with active development ongoing
Reverse Engineering Challenges
- Description: Challenges focused on binary analysis and reverse engineering
- Use Cases: Binary exploitation, malware analysis, code understanding
- Implementation: Uses specialized containers with binary analysis tools and target binaries
Planned Future Additions
Cryptography Challenges
- Description: Challenges focused on cryptographic concepts and techniques
- Use Cases: Encryption/decryption, hash cracking, cryptanalysis
- Implementation: Will use specialized containers with cryptographic tools and challenges
Digital Forensics
- Description: Challenges focused on digital forensics techniques
- Use Cases: File system analysis, memory forensics, artifact extraction
- Implementation: Will use specialized containers with forensic tools and evidence files
Mobile Security
- Description: Challenges focused on mobile application security
- Use Cases: Android/iOS security, application analysis, vulnerability identification
- Implementation: Will use emulated mobile environments for security analysis
IoT Security
- Description: Challenges focused on Internet of Things security
- Use Cases: Device security, protocol analysis, firmware examination
- Implementation: Will use simulated IoT devices and protocols for security analysis
Custom Challenge Types
EDURange Cloud’s modular architecture allows for the creation of custom challenge types. Users can develop their own challenge containers and integrate them with the platform using Challenge Type Definitions (CTDs). For more information on creating custom challenges, see the Challenge Development documentation.