Skip to content

2023 Summer Recruitment & Training Schedule

A recruitment program for new members will take place in the summer of 2023. The recruitment of new members will last for 4 weeks and will be conducted jointly with South China Universities on the weekend of the 4th week.

There will be two categories of new members: basic and expert. At the basic level, many basic computer science concepts will be mentioned, and only the basic content will be required in the recruitment training questions. At the expert level, we will focus on real cybersecurity practice (in the meantime, let me assure you already have some computer science foundation) and begin computer security training directly.

Therefore, this article will be described according to the following table of contents:

  1. what the COMPASS CTF team will do to help you and what we expect you to do once you join.
  2. registration for new members.
  3. the basics of the recruitment campaign and the practice questions.
  4. recruitment assessment and score evaluation.
  5. some content that may be helpful if you are concerned about quitting.
  6. a detailed training schedule.

0x1. Capture The Flag, CTF & COMPASS CTF team

Capture the Flag (CTF) is a class of security competitions that simulate real network environments and are usually divided into two categories: recreational exercises and formal competitions. In the first category, we will learn a lot of computer science and coding, programming, image encryption, and a series of other interesting knowledge, just as learning itself is an enjoyable experience, in this type of recreational practice tournament, you can get more basic knowledge about computer science and interesting experience. The latter category is better for your career development and future planning, and in recent years, CTF competitions for talent recruitment are increasingly held by companies, government departments, and universities. In formal competitions, rigorous knowledge of cybersecurity will be tested, including malicious program analysis, industrial control software analysis, or offline hacking and defense simulating real-life environments.

At Southern University of Science and Technology, winning official competitions can get you extra points for graduate school/prize money for the school, and publicity on the official public website. In the official competitions you participate in, you can get the favor of enterprises such as Netcom, Ministry of Public Security, Ministry of Education, Ant (Alibaba Inc), or Meituan, etc. due to the different organizers.

You can choose your training group according to your situation:

  1. If you plan to learn a wide range of computer science knowledge in Network Security and Computer Security and want to have a fun experience with Competition and Computer Security. I recommend you to choose the basic level.
  2. If you plan to join the COMPASS CTF team in the future, compete with the best students, achieve ranking, or participate in research projects, make a choice for your future planning. I recommend you to choose the Expert level.

Of course, these two-level choices still represent different training difficulties and basic thresholds, which also need to be adjusted by your actual needs. You can also adjust your group after you have registered for new members.

0x2. Registration for new members

The registration form for the New Member Recruitment Program (or its online version) can be found in Appendix A. If you will be officially joining SUSTech next semester, or if you will be entering your second year at SUSTech next semester, please do not feel anxious about building up your basic knowledge; you still have plenty of time to learn and improve.

If you are going to choose your own academic research path, the COMPASS CTF team is an affiliated team of the COMPASS lab with research on computer security, and I am very pleased to recommend the COMPASS lab.

0x3. The basics of the recruitment campaign and the practice questions

The recruitment of new members will be divided into three parts:

  1. Basic knowledge training and learning.
  2. Daily practice questions.
  3. weekly training and review of topics.

Among them, the basics of training and learning will use the CTF book written by the Nu1L team for reference. The CTF All in One book is also recommended as reference material. At the same time, I will also summarize a series of online materials, with our previous recruiting materials information to carry out.

You do not need to complete the questions on the same day, but it is recommended that you complete the week's questions before the intensive training and Q&A time every Sunday. You may have difficulty with the daily exercises, but each week we will work through the difficult questions.

0x4. Recruitment assessment and score evaluation

New member recruitment is not a course, and scores are graded only for your motivation and as a reference for joining the team. We certainly don't want your teammates to have a large difference in ability level from you, which would lead to an imbalance in team strength. Therefore, if you think there is a problem with the design of the scores or have any suggestions, please feel free to contact me.

New member recruitment scores are designed to be chaotic and evil in an uncapped mode. The final score is made up of several components. Each part of the score has a different weighting and is calculated as:

Final score = factor * sum(weight * part score)

First, the factor depends on your grade level. If you will be entering SUSTech in the next semester, then you will receive an additional 40% factor, and if you will be entering your second year in the next semester, then you will receive an additional 20% factor. In addition, if you choose the Expert level (which represents more daily practice with more daily commitment time), you will receive an additional 5% factor.

The scores for each component with their corresponding weights are shown in the following table:

Part Weight
daily challenges 100%
competition participated 150%
training activity 50%
teammate score 100%
member score 100%
final competition 500%

0x5. Some content that may be helpful if you are concerned about quitting

I am very sorry if you plan to drop out during the course of your study, but if this is due to the training schedule and my factors, I humbly seek your advice and opinion.

If you need some help, perhaps the following will help you.

Q: I wasn't as interested in computer security as I expected it to be at the beginning.

A: The learning path for computer security can be very steep, and you may find yourself making no significant breakthroughs for some time. The accumulation of basic knowledge content is equally important. The field of computer security may not be as exhilarating as you might expect, but as you learn more, you will be exposed to more content that a beginner would not.

Q: The training schedule drains me.

A: Maybe you can try to lower the level of difficulty, even if you plan to join the team, but it's not for experts only. The basic level is also possible, the difference is only the 5% extra factor.

Q: I have other questions.

A: You are always welcome to contact me by email or by any means. Here is my email address: liz33@mail.sustech.edu.cn, and you can also find me in my office at 441A, South Building, College of Engineering.

Attachment A. Registration Form

Before filling out the registration form, allow me to describe to you this very interesting field and the five most important maxims in this field.

  1. The world is full of fascinating problems waiting to be solved.
  2. No problem should ever have to be solved twice.
  3. Boredom and drudgery are evil.
  4. Freedom is good.
  5. Attitude is no substitute for competence.

If you love cybersecurity, enjoy deciphering the maze of programs, hardware, and networks, and explore with humble curiosity and wonder, then you have the most important qualities that lead to success.

Key Value
Student ID (or empty if you haven't joined SUSTech)
Contact email address
Name or nickname you prefer to be called
Level (basic or expert)
Experience and knowledge
Interest point(s)

Hope you enjoy the trip!

COMPASS lab website: https://compass.sustech.edu.cn/

Online competition & challenge platform: http://detroit.sustech.edu.cn:29998/

Online competition & challenge platform (Intranet address): http://116.7.234.225:29998/

CTF all in one gitbook: https://firmianay.gitbook.io/ctf-all-in-one/content/

Attachment C. Timeline

The timeline and the topics of the training schedule are as below:

Date Topic Attachment
Aug. 3rd 1: introduction/Linux CTF_tutorial_1___introduction
Aug. 6th 2: web1 CTF_tutorial_2___web
Aug. 8th 3: web2 CTF_tutorial_3___web___sql
CTF_tutorial_3___web___file
CTF_tutorial_3___web___ssrf
Aug. 10th 4: forensics CTF_tutorial_4___forensics
Aug. 13th 5: crypto/Python CTF_tutorial_5___cryptography
Aug. 15th 6: reverse CTF_tutorial_6___reverse
Aug. 17th 7: pwn1 CTF_tutorial_7___pwn
Aug. 20th 8: pwn2 CTF_tutorial_8___pwn2
Aug. 22nd 9: penetration/bug bounty 5ZWK?
Aug. 24th 10: awd -----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.1.15
Comment: https://keybase.io/crypto

wcBMA3ffNJS1q05yAQf9HwBZU1UsQ5m9vzr8sZKGqRE0hXz0tL/4fn+53z0ZPtPZ
pMC8+Lqf2LUvuxy+e7kkGQ8+9TYG0+dRXzrTqB2XLswFVYVlQYE3kPggBopuvOmY
C2jbYElBs5BJReAtwMwfryF3zHi1QvES2McAlPie5t7UOZplu4+TneCzXclL07yz
3Ipw6se5h+VXUEXrPpF43tCXRj3dakpTFlpiVd62WB/NlNYf8LUDWDceOqC/flwL
0CEC9Jm/sCM5aynzjFuEyVSTXz5+2ppappkqyrnlhRkJWE/Tvvcg1Nw03rnpffSa
T5e76JhYPNgko/Pe7NFD19xeVpyjE4KgZIGNdndEX9JDAeIYls88jN3dpaVTvPJz
FP5xmvLVsEhj+g8bfCydR0vVJXirmdr7G1hdMpIYLd9R87PhW9E2TtT6AX0myaze
DMSaHA==
=fUNF
-----END PGP MESSAGE-----