Created to strengthen technical skills across the UNF Osprey Security Club, the OSEC CTF was both a training tool and an internal competition. It provided members the opportunity to explore real-world cybersecurity concepts through interactive, scenario-based challenges.
The entire environment was deployed on a Proxmox server stack that I personally built and maintained.
It included:
- CTFd for challenge management and scoring
- Splunk for log-based analytics and visibility challenges
- A custom frontend container to automatically create Splunk user accounts
- A custom backend handling a phishing email simulation challenge
- Two downloadable virtual machines (Ubuntu and Windows) with embedded challenges
All services were isolated and managed through Proxmox containers and VMs, creating a safe and self-contained learning environment.
The competition featured 26 challenges across six categories:
- Splunk
- Windows
- Linux
- Puzzle
- Reverse Engineering
- Special (Phishing)
I authored every challenge from scratch. My personal favorite was the Splunk series, which helped participants develop strong log analysis and investigation skills. The phishing challenge was also a standout, integrating a live email backend for realistic interaction.
The event hosted 20 participants, offering an engaging environment that encouraged collaboration and hands-on learning. It served as a launch point for future competitive training and internal blue/red team exercises.
Building the OSEC CTF from the ground up was one of my most rewarding projects. It combined system administration, development, and challenge design into a single cohesive platform, bridging technical complexity with accessibility for new learners.
While I didn’t encounter many major roadblocks during development, the project still deepened my technical understanding in several areas. I gained hands-on experience with Splunk deployment and API integration, and learned a lot about field parsing while generating a 120,000-log dataset for the Splunk challenges. I also became more familiar with email authentication protocols, particularly DMARC, which was essential for configuring the phishing challenge’s backend and ensuring messages weren’t being blocked by spam filters.