CONVEX

Cloud Open-source Network Vulnerability Exploitation eXperience (CONVEX) spins up Capture The Flag environments in your Azure tenant for participants to play through. The CTFs are organized into independent modules, each containing a create script and a teardown script to set up the environment programmatically. Each module also includes a walkthrough, in case participants get stuck.


Getting Started

Identities Involved

Prerequisites

For Administrators

For Participants

Running CONVEX

  1. Clone the CONVEX Repo
    git clone https://github.com/Azure/CONVEX.git
    
  2. Run convex.ps1
    cd CONVEX
    .\convex.ps1
    
    • The script begins by having you sign in to the Azure and AzureAD PowerShell modules as well as Azure CLI. It is important to sign in with the same identity each time, and that identity must have the appropriate levels of access.
    • convex.ps1 handles both creating and tearing down the modules; it is the only script you as a user need to call. It will create/teardown all available modules.
    • The number of users created is per module. For example, inputting 5 users and creating modules 1, 2, and 3 simultaneously will create 15 users, 5 for each module.
  3. Allow the resources to deploy.

Playing the CTFs

Administrators

Administrators will have the responsibility of giving participants their participant account and password. The username can be found either in Azure Active Directory or in the User Key Vault found in the Resource Group of the starting subscription for each module. The User Key Vault also contains the user's password.
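One way an administrator could read the participant entries out of the User Key Vault with the Az PowerShell module. This is an added example, not code from the CONVEX repository: the function name, the placeholder subscription and resource group values, and the assumption that each secret corresponds to one participant with the password as its value are illustrative and should be checked against the deployed vault.

```powershell
# Added example: names and placeholders below are assumptions, not values from the CONVEX repo.
#Requires -Modules Az.Accounts, Az.KeyVault

function Get-ConvexParticipantSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,     # starting subscription of the module
        [Parameter(Mandatory)] [string] $ResourceGroupName,  # resource group holding the User Key Vault
        [string] $VaultName                                  # set this when the group holds several vaults
    )

    # Work in the module's starting subscription.
    Set-AzContext -Subscription $SubscriptionId -ErrorAction Stop | Out-Null

    if (-not $VaultName) {
        $vaults = @(Get-AzKeyVault -ResourceGroupName $ResourceGroupName -ErrorAction Stop)
        if ($vaults.Count -ne 1) {
            throw "Found $($vaults.Count) vaults in '$ResourceGroupName'; pass -VaultName."
        }
        $VaultName = $vaults[0].VaultName
    }

    # Listing secrets returns metadata only; each value needs its own Get call.
    foreach ($item in Get-AzKeyVaultSecret -VaultName $VaultName -ErrorAction Stop) {
        [pscustomobject]@{
            Vault      = $VaultName
            SecretName = $item.Name   # assumed to identify the participant
            Value      = Get-AzKeyVaultSecret -VaultName $VaultName -Name $item.Name -AsPlainText
        }
    }
}

# Usage with placeholder values (results stay in the pipeline, nothing is written to disk):
# Get-ConvexParticipantSecret -SubscriptionId '<subscription-id>' `
#     -ResourceGroupName '<module-resource-group>' | Format-Table
```

The signed-in identity needs list and get permission on the vault's secrets for these calls to succeed.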

Participants

Participants will receive their username and password from the administrator. They can then log on to the Azure portal with those credentials to enter the CTF environment and begin.

Notes

Tearing down a module deletes the environment and removes the participant accounts and that module's specific security group from the Azure tenant.


Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.