for a capture the flag event, I'd divide them up into 4 groups. Give them X amount of time to set up a system and harden it. Then give them an image file to put somewhere on the box (different for each team). Then let them go at it either in a bracket or free for all.

Capture the image, and shut down the box they're trying to defend.

Next time, switch up the people on the teams.

That way they get to work with different people, they get to learn both sides of pen-testing (how to do it and spot / defend). Rotating people around will hopefully prevent 1 team from dominating the rest every time.

Purposely put your weakest people with the strongest. IF they're strong in the cracking, make them take a couple of turns as incident response.

i see some good ideas arond here!

maybe give DVL or some other pentest disks (like De-Ice) a go as a base to start with. another option would be to use the lampsecurity disks (which have great documentation, but for the instructor only ofcourse) and make it a time trial! maybe even set up a group that tries to find the errors in the code against a group trying to hack it. be sure to put a chapter "ethics" in it while you finish up. good luck and i'm sure there are people willing to help!

Not good when people run with your idea. try to talk to the principal directly and explain why it was your idea and how much he needs you to make it a succes! props for trying to turn this one into a working concept! keep us informed and if there is any way we can help, let us know!

Hey,

I've got some updates on this. I finally went visiting the school yesterday and met with the IT teacher and the school principal. It went surprisingly well! I kind of "connected" with the guy and the principal was happy when I talked about the disclaimer form.

The club will start around the end of September since the classes are virtually over for the summer. We will:

1) Have the students and their parents signed a disclaimer form.
2) We have a lab with about 30 computers, disconnected from the school network. Students will also be able to bring a laptop if they want to.
3) We will use Backtrack 4 in VMPlayer (Windows XP being the Host OS)
4) We have a projector and many switches, routers and other network equipments

So, all seems to look good now!

Does anyone have a disclaimer form I could adapt to the school?

Thanks!

Rock on. Glad you're back in the saddle on this.