// ICOA SANDBOX GUIDE

ICOA Extra

The ICOA-native layer — 110 tools inside your exam terminal, the ICOA CLI's own commands, and the AI tracks. This is what /starter/ and /advanced/ don't cover.

Node.js 22+ Python 3.12 macOS · Linux · WSL2

Environment baseline

Every ICOA exam terminal starts here. These run before any question is asked.

Node.js 22.22.2+

The runtime that powers icoa-cli. Verified against 25.9.0 on modern macOS and Linux.

Python 3.12.13

Official Python. Used for CTF scripting, ML preview tasks, and every pre-installed package below.

102 pre-installed tools

Every category below is already on the box. Nothing to apt install at exam time.

25 Python packages

CTF Core · Web & Network · Crypto & Math · Binary & RE · Data & Forensics · Security — ready to import.

The sandbox — all 110, by category

Pre-installed, verified, ready. Blue pills = CLI tools, purple pills = Python packages.

Editors & Terminal

vim 9.1 nano tmux 3.6 screen less

Compilers & Build

gcc 17 g++ 17 make nasm 3 cmake 4 as ld pkg-config

Python Runtime

python3 3.12 pip3 26 python3-venv

Networking

curl 8.7 wget 1.25 nc socat 1.8 nmap 7.99 ssh 9.9 dig whois ping traceroute tcpdump 4.99 tshark 4.6

Debuggers

gdb 17.1 objdump

Reverse Engineering

radare2 6.1 rabin2 upx 5.1 strings

Forensics

binwalk exiftool 13.5 file xxd pdftotext pngcheck sleuthkit

Crypto & Password

john hashcat 7.1 openssl 3 gpg 2.4

Data Processing

jq 1.7 sqlite3 3.51 base64 hexdump od sort uniq wc

Archive

unzip zip tar gzip bzip2 xz

Core Unix

cat grep sed awk find head tail diff patch chmod chown ln cp mv mkdir rm

Git & Docker

git 2.39 docker 29

Python · CTF Core

pwntools 4.12 pycryptodome 3.23 z3-solver 4.13 angr 9.2

Python · Web & Network

requests 2.32 beautifulsoup4 4.14 flask 3.0 scapy 2.5 paramiko 4.0

Python · Crypto & Math

sympy 1.14 gmpy2 2.3 cryptography 46

Python · Binary & RE

capstone 5.0 ropper 1.13 ROPgadget 7.7 pefile 2024

Python · Data & Forensics

pillow 12 numpy 2.3 python-magic yara-python 4.5

Python · Security Tools

sqlmap 1.10 ipython 9.12 uncompyle6 3.9 volatility3 2.27 pyserial 3.5

ICOA CLI commands

What you type in the outer ICOA shell to launch, navigate, and submit. These aren't sandbox tools — they drive the ICOA runtime itself.

icoaLaunch the ICOA CLI (opens its own shell, shows the banner)
demo10 practice questions — no token, no timer pressure, safe to retry
exam <token>Start the real exam with the token your committee issued (one device, one shot)
refPull up the full command reference inside the exam — all 110 operations at a glance
lang <code>Switch the CLI interface language (e.g. lang en, lang zh, lang ar)
submitSubmit the current block of answers (final in exam mode, reversible in demo)
backReturn to the previous question or exit a submenu
helpCancel a pending answer (demo only — don't confuse with sandbox man)
ICOA_RESET_STATE=1 icoaProctor-only: reset a stuck token when a student switches devices after hardware failure

The AI tracks

ICOA's two AI-specific layers, beyond classical CTF.

AI4CTF

AI as your teammate

Inside Paper B and Paper A you can open an AI chat while solving problems. The CLI's built-in interface lets you ask the model to explain concepts, review your approach, or unstick a step.

  • Chat is scoped to the exam — no external internet
  • All conversations are logged for scoring fairness
  • The AI cannot submit answers for you
CTF4AI

Attack AI systems

Paper A introduces prompt-injection fundamentals. Paper S (Sydney finals) expands to adversarial ML — evasion attacks against classifiers, membership inference, model extraction.

  • Paper A: prompt injection & jailbreaking — no coding required
  • Paper S: adversarial ML via numpy, pandas, sklearn
  • Foundational reading: Biggio & Roli (2018) Wild Patternsarxiv.org/abs/1712.03141

What to focus on — by paper

The 110 tools above cover a lot. Here's the subset that matters most at each tier.

Paper C

Entry level

Core Unix · Data Processing · Archives · Editors · python3 basics.

Paper B

K-12 with AI

Above + Networking (curl, nc, nmap) · Crypto & Password · Python Web & Network (requests, beautifulsoup4, flask).

Paper A

Advanced

Above + Reverse Engineering (radare2, gdb, strings) · Python CTF Core (pwntools, z3-solver, angr) · prompt-injection fundamentals.

Paper S

Sydney finals

Above + Python Data & Forensics (numpy, pandas, sklearn, pillow) · Security Tools (sqlmap, volatility3) · adversarial ML.

Exam mechanics

The operational rules around those 110 tools.

Tokens

10 characters, one device, one shot. Distributed by your school or committee up to 24 h before the exam.

Recording

OBS screen-capture for any contested submission. CLI-side logs are preserved server-side too.

Clean install

If setup fails: npm cache clean --forcenpm uninstall -g icoa-cli → reinstall.

Version pinning

If your committee requires an exact CLI version: npm install -g icoa-cli@<version>.

Back to Selection Guide Starter Advanced Home