In the Fall of 2018, tasked with the responsibility of teaching Computer Systems Security to a little over a hundred fourth-year undergraduate students at Arizona State University, we were faced with a challenge: how do we best teach hundreds of students to become skilled hackers in just a single semester? With a background in Capture The Flag (CTF) competitions, as members of Shellphish and the DEF CON CTF organizing team Order of the Overflow, we realized our best chance was to teach the course in the same way we learned: by doing. And so, the night before the first lecture, at a coffee shop in Tempe, Arizona---late into the night---we bought the domain pwn.college, created the first assignment, and glued together a simple netcat interface in what would become the first version of the pwn.college DOJO.
For a more academic discussion of pwn.college, see our SIGCSE papers:
- DOJO: Applied Cybersecurity Education In The Browser at SIGCSE 2024
- PWN The Learning Curve: Education-First CTF Challenges at SIGCSE 2024
- SENSAI: Large Language Models as Applied Cybersecurity Tutors at SIGCSE 2025
See also Connor's PhD work, which focuses on pwn.college:
And some ASU news articles: