AppJailLauncher

As pervasive as Microsoft Windows is, the operating system is rarely used as a platform for Capture The Flag (CTF) competitions. That’s a problem. CTFs provide real-world experience that is valuable for the education of modern security researchers. What’s more, only the Russian CTFs seem to release Windows challenges; none of the large American CTFs do.

As a contest organizer, securing your infrastructure is the biggest priority. If you don’t, one team may harass the software that underpins the competition and interfere with other teams.

Prior to Windows 8, securing your infrastructure for running a Windows CTF competition was very complicated. Microsoft didn’t make it easy to sandbox applications. You had to configure low-level internals that were easy to overlook, which required deep knowledge of Windows tokens, access control lists, and mandatory integrity levels.

Finally, Microsoft introduced AppContainers in Windows 8, an effective way to segregate processes, much like iOS’s sandboxes. But the Microsoft Developer Network didn’t provide any documentation about AppContainers. So we reverse-engineered the part of Internet Explorer that spawns an AppContainer’d process. Then we made them easy to use with AppJailLauncher.

AppJailLauncher keeps CTF infrastructure secure. It puts the application into a restricted token sandbox that prevents CTF players from accessing anything outside of the immediate challenge. The code repository includes everything needed to isolate a Windows TCP service from the rest of the operating system.