・
Reviews 17
・
Average rating 4.8
I will describe the pros and cons. This review was written after completing only the problems within the lecture content, without solving the CTF problems. [Pros] 1. Problems can be solved through a stable web environment. -> Previously, users had to set up environments individually using virtual machine images, which often led to environment-specific issues that prevented even attempting the problems. Knock-on has solved this issue through its problem-solving LMS. 2. Active community (Discord) -> Technical support for resolving issues encountered during problem-solving was extremely fast and satisfying thanks to active communication on Discord. -> I am especially grateful to yeonwoo and hongsam3 for their generous advice and support. 3. Web vulnerability problems across various fields -> While other environments often focus heavily on XSS or SQL Injection, Knock-on was great because it provided exposure to diverse environments and problems (e.g., SSTI, Race Condition, etc.). [Cons] 1. I wish there were higher difficulty problems for SQL Injection. -> For example, it would be good to have problems with a difficulty level where you have to extract table and column names one by one using Blind SQL Injection from SQL metadata (e.g., information_schema.schemata in MySQL). 2. (The biggest issue) The text in the solution videos was too small to see clearly, making it difficult to follow the problem-solving screen. I hope there is a review process before uploading solution videos.
Thank you so much for taking the time to write such a thoughtful review, detailing both the pros and cons. I read through every point carefully. First of all, thank you for your positive feedback on the LMS-based web environment and the Discord community. I designed the system so that students could focus entirely on problem-solving without the unnecessary stress of setting up environments, and I’m glad that intention came through. I also appreciate your kind words regarding the communication and support on Discord; I will be sure to pass your compliments along to the individuals you mentioned. I also strongly agree with your point about the benefit of experiencing a wide range of web vulnerabilities—such as SSTI and Race Condition—rather than being limited to just XSS and SQLi. My goal was to broaden the scope of what students might encounter in real-world scenarios, and it seems that direction was well-received. Regarding the drawbacks you mentioned, I believe they are all very valid points. I plan to actively incorporate high-difficulty SQL Injection challenges (especially those involving Blind-based metadata extraction) into future advanced tracks or as additional problems. I agree that we need "endurance-testing problems" rather than just simple bypasses. The issue with the font size in the solution videos is also very important feedback. Since you highlighted it as the biggest issue, I will ensure that all future uploads undergo a much stricter pre-check for resolution, scaling, and readability. A review written from such a detailed and technical perspective is incredibly helpful for improving the course. Thank you once again, and I will strive to provide even better content in future sessions! :)
