O uso de um CTF na educação formal: desafios e perspectivas
Resumo
Jogos são eficazes em estimular o engajamento e promover a aprendizagem. No âmbito de disciplinas de Cibersegurança, um dos jogos populares é o capture the flag (CTF). Embora o fator competitivo seja motivador, é importante que o foco principal seja a aprendizagem. Nesse sentido, jogos devem ser planejados de forma a alinhar desafio e conteúdo pedagógico, garantindo que a experiência contribua para os objetivos educacionais. Este trabalho relata os principais desafios — e perspectivas de trabalhos futuros — acerca da manutenção do TreasureHunt, um gerador de CTFs aplicado em aulas de Segurança Computacional há oito anos.Referências
Burket, J., Chapman, P., Becker, T., Ganas, C., & Brumley, D. (2015). Automatic problem generation for Capture-the-Flag competitions. 3GSE’15.
Cheung, R. S., Cohen, J. P., Lo, H. Z., & Elia, F. (2011). Challenge based learning in cybersecurity education. SAM’11, 1.
De La Cruz, J. & Das, S. (2022). SoK: a proposal for incorporating accessible gamified cybersecurity awareness training informed by a systematic literature review. USEC’22.
Feng, W. C. (2015). A Scaffolded, Metamorphic CTF for Reverse Engineering. 3GSE’15.
Furnell, S., Helkala, K., & Woods, N. (2021). Disadvantaged by disability: examining the accessibility of cyber security. HCI International, 197-212.
Irvine, C. E., Thompson, M. F., & Allen, K. (2005). CyberCIEGE: gaming for information assurance. IEEE Security & Privacy, 3(3), 61-64.
Kuo, C. C., Chain, K., & Yang, C. S. (2018). Cyber attack and defense training: Using emulab as a platform. IJICIC, 14(6), 2245-2258.
Ladeira, R. R. (2018). TreasureHunt: Geração automática de desafios aplicados no ensino de segurança computacional (Dissertação de mestrado). UDESC, Joinville.
Otto, V. A. U., & Ladeira, R. R. (2021). Uma Análise de Critérios de Acessibilidade em Interfaces web de Jogos de Segurança Computacional. COTB’21, 12, 563-566.
Renaud, K. (2021). Accessible cyber security: the next frontier?. International Conference on Information Systems Security and Privacy, 9-18.
Schreuders, Z. C., Shaw, T., Shan-A-Khuda, M., Ravichandran, G., Keighley, J., & Ordean, M. (2017). Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events. ASE’ 17.
Stelea, G. A., Sangeorzan, L., & Enache-David, N. (2025). When Cybersecurity Meets Accessibility: A Holistic Development Architecture for Inclusive Cyber-Secure Web Applications and Websites. Future Internet, 17(2), 67.
Tseng, S. S., Yang, T. Y., Shih, W. C., & Shan, B. Y. (2024). Building a self-evolving iMonsters board game for cyber-security education. Interactive Learning Environments, 32(4), 1300-1318.
Vigna, G. (2003). Teaching network security through live exercises: Red team/blue team, capture the flag, and treasure hunt. WISE 2003, 3-18.
W3C. (2023). Web Content Accessibility Guidelines (WCAG) 2.2. World Wide Web Consortium (W3C). [link].
Zouahi, H. (2023). Gamifying Cybersecurity Education: A CTF-based Approach to Engaging Students in Software Security Laboratories. CEEA.
Cheung, R. S., Cohen, J. P., Lo, H. Z., & Elia, F. (2011). Challenge based learning in cybersecurity education. SAM’11, 1.
De La Cruz, J. & Das, S. (2022). SoK: a proposal for incorporating accessible gamified cybersecurity awareness training informed by a systematic literature review. USEC’22.
Feng, W. C. (2015). A Scaffolded, Metamorphic CTF for Reverse Engineering. 3GSE’15.
Furnell, S., Helkala, K., & Woods, N. (2021). Disadvantaged by disability: examining the accessibility of cyber security. HCI International, 197-212.
Irvine, C. E., Thompson, M. F., & Allen, K. (2005). CyberCIEGE: gaming for information assurance. IEEE Security & Privacy, 3(3), 61-64.
Kuo, C. C., Chain, K., & Yang, C. S. (2018). Cyber attack and defense training: Using emulab as a platform. IJICIC, 14(6), 2245-2258.
Ladeira, R. R. (2018). TreasureHunt: Geração automática de desafios aplicados no ensino de segurança computacional (Dissertação de mestrado). UDESC, Joinville.
Otto, V. A. U., & Ladeira, R. R. (2021). Uma Análise de Critérios de Acessibilidade em Interfaces web de Jogos de Segurança Computacional. COTB’21, 12, 563-566.
Renaud, K. (2021). Accessible cyber security: the next frontier?. International Conference on Information Systems Security and Privacy, 9-18.
Schreuders, Z. C., Shaw, T., Shan-A-Khuda, M., Ravichandran, G., Keighley, J., & Ordean, M. (2017). Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events. ASE’ 17.
Stelea, G. A., Sangeorzan, L., & Enache-David, N. (2025). When Cybersecurity Meets Accessibility: A Holistic Development Architecture for Inclusive Cyber-Secure Web Applications and Websites. Future Internet, 17(2), 67.
Tseng, S. S., Yang, T. Y., Shih, W. C., & Shan, B. Y. (2024). Building a self-evolving iMonsters board game for cyber-security education. Interactive Learning Environments, 32(4), 1300-1318.
Vigna, G. (2003). Teaching network security through live exercises: Red team/blue team, capture the flag, and treasure hunt. WISE 2003, 3-18.
W3C. (2023). Web Content Accessibility Guidelines (WCAG) 2.2. World Wide Web Consortium (W3C). [link].
Zouahi, H. (2023). Gamifying Cybersecurity Education: A CTF-based Approach to Engaging Students in Software Security Laboratories. CEEA.
Publicado
16/10/2025
Como Citar
LADEIRA, Ricardo de la Rocha; TILLMANN, Luana; ESPIG, João Vitor.
O uso de um CTF na educação formal: desafios e perspectivas. In: ESCOLA REGIONAL DE INFORMÁTICA DO ESPÍRITO SANTO (ERI-ES), 10. , 2025, Espírito Santo/ES.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 154-157.
DOI: https://doi.org/10.5753/eries.2025.15989.
