Full Disclosure mailing list archives
LAMPSecurity.org Capture the Flag Exercise
From: Justin Klein Keane <justin () madirish net>
Date: Thu, 19 Mar 2009 19:31:53 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I'm happy to announce that the first installment of LAMPSecurity.org's capture the flag series of exercises is now available. This is a training exercise released in support of the educational mission of LAMPSecurity.org. The exercise is modeled after many of the exercises that are presented in expensive commercial training courses, except it's free, of course. Unlike tools like OWASP's WebGoat, LAMPSecurity.org's capture the flag exercise consists of a full, vulnerable, virtual machine (VMWare's free Player is required). This allows users to explore vulnerabilities at every level of the LAMP stack. The first exercise includes an "attack" VM as well, with tools pre-installed (where possible). It also includes over 60 pages of step-by-step documentation so no prior experience is necessary (although the documentation only outlines one of several routes to root compromise). The exercise is designed to educate system administrators and developers on some common dangers and mis-configurations facing Linux,Apache,MySQL, PHP (LAMP) applications. Further details, including the documentation, are available at http://lampsecurity.org/capture-the-flag-4. The vulnerable virtual machine and attack image are available from SourceForge at https://sourceforge.net/projects/lampsecurity/. Constructive feedback is of course welcome. Thank you and enjoy. - -- Justin C. Klein Keane http://www.MadIrish.net http://LAMPSecurity.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iPwEAQECAAYFAknC1ekACgkQkSlsbLsN1gC22Ab+KH2u/GkEs8GkZsj6cxvUTdlu oG99awesvAwOlC6FhTnFkPm2lWE9Oe+66YjErDqNOXW1J14nJLSoLgBxMSgBhs1+ FeF6+ZSDHvWvThNhDVsxBqh7Y+LgSRq8GE4rn4DCZXiVlGN+lUGiXEMx5E/RLmSM jT2Ek81BfNqOkWOfYoITMQr5Ate3yZ9YZud8W5iUy0pg/my+PScgiPcf5zjuXGMd 8c60QZFb3arnIPi2VUsaCXb/MRbx32LBBtrsvkyA7qiWZBnejyU/5OycNKRqO/T2 cptc906bsy4nB6jjT8g= =bN50 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- LAMPSecurity.org Capture the Flag Exercise Justin Klein Keane (Mar 19)