Loading practice challenges...
All Practice Resources
CTF & Practice Challenges
This section contains two types of content: NCL competition prep (cybersecurity challenges) and C programming practice (CodeStepByStep exercises linked to course topics). The NCL material prepares you for the National Cyber League competition. The programming practice reinforces what you learn in lectures.
Want to compete? See the Competition Prep Guide for a readiness checklist, practice platform recommendations per category, and the NCAE Cybergames first-15-minutes checklist.
Week 2 Practice CTF (Open Now)
The practice CTF is live at play.jdoner.me. It covers everything from Weeks 1 and 2 and stays open all week for you to practice at your own pace.
- 126 challenges across 25 categories covering navigation, permissions, redirection, pipes, environment variables, wildcards, and man pages
- 2,665 points total — 50% knowledge questions, 50% hands-on SSH challenges
- SSH puzzle boxes — log in to the server and solve real problems (permissions locksmith, pipeline puzzler, redirect detective, environment escape room)
- No time limit — practice as much as you want
- Leaderboard — compete with classmates for bragging rights (no grade impact)
- Hints available — use them if you are stuck (small point cost)
Login with your GitHub account. If you completed CTF 0, your scores are preserved.
SSH Challenges
Some challenges require you to SSH into a server and solve problems hands-on. Each box has its own login:
| Box | Command | Password |
|---|---|---|
| Permission Locksmith | ssh w2p-perms@play.jdoner.me -p 2222 |
perms240 |
| Pipeline Puzzler | ssh w2p-pipes@play.jdoner.me -p 2222 |
pipes240 |
| Redirect Detective | ssh ctf-redir@play.jdoner.me -p 2222 |
redir240 |
| Environment Escape | ssh w2p-env@play.jdoner.me -p 2222 |
env240 |
| Week 1 Encore | ssh w2p-enc@play.jdoner.me -p 2222 |
encore240 |
Read the MISSION.txt or README file after logging in for instructions.
CTF 0 (Completed)
The Week 1 warm-up CTF ran during class on April 4. Scores are recorded. If you missed it, the challenges are still available in the practice CTF above.
NCL Competition Prep
The National Cyber League (NCL) is a semester-long cybersecurity competition with 9 challenge categories. These pages cover each category with tool references, walkthroughs, and practice resources. The NCL skill tree in the Skill Tree tracks your progress across these areas.
OSINT & Intelligence
- Open Source Intelligence — DNS, WHOIS, metadata extraction, HTTP headers, PGP, threat intel, SSL/TLS certificates
- Scanning & Reconnaissance — nmap, port scanning, service detection, OS fingerprinting
Cryptography & Password Cracking
- Cryptography — Encoding identification, Caesar, Vigenere, Rail Fence, Base64, RSA
- Password Cracking — John the Ripper, hashcat, hash identification, wordlists, mask attacks
Forensics & Analysis
- Digital Forensics — File carving, magic bytes, binwalk, Volatility memory analysis, git forensics
- Log Analysis — SSH logs, web server logs, syslog, incident timeline reconstruction
- Network Traffic Analysis — Wireshark, tshark, PCAP filtering, credential extraction, attack detection
Exploitation
- Web Application Security — SQL injection, XSS, command injection, directory traversal, IDOR
- Enumeration & Exploitation — Binary analysis, GDB, buffer overflows, format strings, reverse engineering
Skill Drills
Practice drills for each NCL and NCAE category. These are interactive quizzes in the Skill Tree — work through them to test your knowledge before competition day.
NCL Drills: Metadata Extraction | DNS Recon | Classical Ciphers | Hash Cracking | File Forensics | Steganography | OSINT Deep Dive | Network Scanning | Web Recon | Binary Analysis | Exploit Foundations
NCAE Drills: SSH Defense | DNS Operations | SMB Triage | Incident Response
C Programming Practice
These are CodeStepByStep exercises organized by topic. Each set is linked from the lesson where the concept is taught — you can also access them directly here. Work through them after reading the corresponding lesson.
Weeks 3-4: C Foundations
- Programming Basics — 13 exercises · printf, scanf, functions, basic I/O
- Expressions & Type Conversion — 2 exercises · Operator precedence, casting
- If/Else Decisions — 4 exercises · Conditionals, control flow
- Loops — 29 exercises · for, while, nested loops
- Parameters & Return Values — 27 exercises · Pass-by-value, function tracing
- Bitwise Operations — 23 exercises ·
&,|,^,~,<<,>>
Week 5: Arrays & Strings
- Arrays — 12 exercises · Traversal, manipulation, bounds
- Strings — 11 exercises · string.h functions, char arrays
Weeks 6-7: Pointers & Memory
- Pointers — 10 exercises ·
&,*, arithmetic, double pointers - Dynamic Memory — 8 exercises · calloc, free, Valgrind
Weeks 8-9: Advanced C
- Structs — 6 exercises · typedef, struct pointers
- File I/O — 4 exercises · fopen, fscanf, fgets
- Function Pointers & Generics — 8 exercises · Callbacks,
qsort,void *
Cross-Cutting
- Secure Coding — 6 exercises · Buffer overflows, input validation
External Practice Platforms
Free platforms for additional practice beyond course content:
- pwn.college — ASU’s binary exploitation platform (1000+ challenges)
- picoCTF — CMU’s educational CTF with learning guides
- TryHackMe — Guided cybersecurity rooms
- HackTheBox — Real machines to hack
- CryptoHack — Cryptography challenges
- PortSwigger Web Security Academy — Web vulnerability labs
- CyberDefenders — Blue team forensics challenges