Running CTF hacking games inside Azure RRS feed

  • Question

  • We are using a subscription to run a Capture the Flag game for a Cyber Conference which will involve players attacking the small infrastructure constructed within a specific Resource Group. The systems within the scoped arena wont have internet access, will be monitored and will only be accessible thorough either a bastion or a VPN controlled by us.  No attacking actions will be allowed to leave the confines of the network / resource group and only targets within the resource group are in scope. We will be enforcing this and the platform will be monitored throughout the event.
    We require some guarantees this subscription / resource set wont be shut down, limited in any way or closed during the run up to the event while testing and more importantly and during the live games. 

    The games consist of several networks, subnets and virtual machines where specific vulnerabilities have been set for the players to exploit. We have not utilised any Azure SaaS services for the target systems, they are all VM's built by us.  We expect network scanning within the confines of the arena resource groups but everything else will be targeted exploits against the virtual machines.  
    We have requested support through the Azure portal and we have received a response which which included advice to pose the question here. 


    Friday, March 8, 2019 9:49 AM

All replies

  • Hello 

    We understand your requirement of running CTFs on our platform on custom VMs built by your organisation. We would request to create Any anomalous activity would be reported to you via email which is listed as a technical contact in the subscription or is setup for any alerting mechanisms which you might be using. As far as I know we generally do not shut down systems abruptly . Since this is a CTF and the amount of complicated setup required for this may constitute of exploiting tools being used by your users we would request you to strengthen the azure networks which you design to be completely isolated . Please check the network security best practices and make sure the security hardening is extremely resilient .

    I am not sure but it seems that you may not use the azure AD for your user identities however you can also check the Identity management best practices article which may give some insights on the subject .

    Unless any malicious traffic is generated by any tool/honey pot to any other resource outside of your CTF boundary and any other customer gets affected , it should be safe to run these games on our infrastructure . However as for providing guarantees , i may not be able to confirm on the forum and we may need to get clarifications internally for the same. I will check internally and update this thread. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    Friday, March 8, 2019 2:08 PM
  • Hello CY63RSI

    Thank you for your patience on this. We have had an internal discussion with engineering on this and we would like to have a conversation regarding your request . We would like to monitor the event from our side. Could you please email us at azcommunity [at] microsoft [dot] com referencing this thread at the esrliest and we will initiate a dialogue with you and share further information. 

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    Monday, March 11, 2019 2:48 AM