Studiegids

nl en

Capture the Flag: Cybersecurity in Practice

Vak
2025-2026

Admission Requirements

The course is extra curricular. Eligible students are bachelor students from the LIACS CS and DSAI bachelor programmes, who are able to handle the Shell and basic commands therein, they have basic understanding of the (Unix) filesystem, and are willing to expand their knowledge of C programming, and basic ASSEMBLY understanding. You can self-assess your entry level by checking the two workshops offered in the LIACS Security course, the corresponding quizzes, as well as the corresponding study material. Note that some of the required skills are not explicitly taught in the DSAI bachelor program, and as such DSAI students are expected to have gained this knowledge otherwise.

Description

Are you interested in diving in hacking content and techniques? Do you want to challenge yourself with breaking into realistic information systems, but without compromising ethics, laws, and regulations? Would you like practicing your hacking skills in a competitive environment? If you are a student in the CS or DSAI bachelor programmes at Leiden University, and you answered yes to any of the above, then the “Capture the Flag: Cybersecurity in Practice” extracurricular and the corresponding challenge we are setting up, is something for you!

In this full-year, extracurricular course, you work on a real-world hacking challenge in groups of 4-6 students. During the fall semester, you have bi-weekly lectures to familiarize yourself with the basics of hacking techniques, and bi-weekly meet-ups where you are trying to solve CTF challenges. In the spring semester, the meet-ups continue, with a focus on your final big challenge, and there are a few guest lectures as well. From the beginning of the course, and for the duration of the whole year, you receive a real-world hacking challenge/target, on which you aim to identify vulnerabilities, together with your teammates. We do this always in an ethical manner, following responsible disclosure principles, which will be explained at the beginning of the course. For the completion of the course, you deliver a report on the techniques you tried on the target, and their effect, and potentially, a security advice for the target to patch their vulnerabilities. Participation in the monthly progress update meetings, where each team reports on their findings and progress, together with delivery of a final report on your findings, counts as 2 extra-curricular ECTS (appear on your diploma, but only as extra credits). You are encouraged and supported (but not required) to compete with your teams at CTF events throughout the year, and we will ensure that you remain informed about them, and connected to the community. Note that the 2 ECTS points are not an indication of the expected work load for this extracurricular course.

  • Number of teams: 4-6

  • Team size: 4-6

  • Credits: 2 ECTS (extra-curricular) with a pass/fail grade.

Course Objectives

  • Hacking: Develop your hacking skills in a game-based and ethical manner.

  • Capture the Flag: Increase your competitiveness and apply your hacking skills with hands-on CTFs.

  • Participation in community: Become member of a lively and continuously developing community, increasing your networking opportunities, while developing skills that make you stand out also for job opportunities in cybersecurity and beyond.

  • Teamwork: Work together in a group of 4-6 students in a year-long project.

Timetable

The course runs over the full academic year.

  • August-September: Registration

  • Fall Semester:

    • Bi-Weekly lectures
    • Bi-Weekly Meet-ups

  • Spring Semester:

    • Bi-Weekly guest lectures (occasionally)
    • Bi-Weekly Meet-ups

  • October-May: Real-World Hacking Challenge with monthly progress update meetings

  • May: Report Submission

Mode of Instruction

  • (Guest) Lectures, and Hand-On Meet-Ups: Bi-weekly (i.e., one week (guest) lecture, one week hands-on).

  • CTF participation.

  • Self-management: For the final challenge, there is a strong emphasis on self-managed student groups. Teachers and TAs are available for advice, but in principle you should self-manage your team.

  • Communication: We use a Discord Channel to allow communication between students and with the teachers.

Assessment Method

The course has a PASS/FAIL grade. To pass you need to:

  • Participate in the monthly progress update meetings.

  • Deliver a final report on your findings from ethically hacking the real-world target of this year.

Reading List

Not applicable

Registration

You can join the challenge if you meet the following criteria:

  • You are a student in a LIACS CS or DSAI bachelor programme.

  • You are familiar with shell, unix filesystem, and wish to expand your knowledge of C programming.

  • You are passionate about hacking challenges.
    Finding team members

  • You may sign up as an individual, and group up during the first weeks after the course begins.

  • Registration will open mid-August.

  • In your application email to the lecturers, include:

    • Name(s), student number(s) and email address(es).
    • A one-page application letter (per student), where you describe 1) your motivation, and 2) your skill set -what experience do you(r team members) have, and what do you(r team members) want to contribute-.
      Selection

  • There is place for 25 students in total.

  • In case of too many applications, selections will be made based on your motivation letter.

  • Decisions are communicated in the first weeks of September, when the course also starts.

Contact

Education coordinator LIACS bachelors

Remarks