Generator of Vulnerable Web Applications

    Author: Marek Geleta

    Supervisor: Jan Vykopal

    Abstract: Capture-the-Flag competitions frequently employ the attack-defence format, but bringing that format into university courses is hindered by the labour of creating fresh vulnerable services; re-using past targets encourages solution sharing between students. This thesis introduces a generator that, from a brief text specification selecting vulnerability types and difficulty levels from a predefined catalogue, builds a containerised service ready for deployment into the FAUST attack-defence framework. The core business logic is fixed, yet the generator randomises API identifiers, interface theme, and the exact placement of each vulnerability, yielding a distinct exploit path for every requested flaw. It produces a runnable container image together with FAUST-compatible checker scripts, enabling instructors to publish a fully functioning, exploitable target without manual adjustment. A pilot classroom trial confirmed that the tool generated applications that deployed out of the box and behaved as intended, showing that automated diversification can make attack-defence CTF exercises practical for teaching while significantly cutting preparation effort.

    Thesis