Full Disclosure mailing list archives

LAMPSecurity.org Capture the Flag Exercise


From: Justin Klein Keane <justin () madirish net>
Date: Thu, 19 Mar 2009 19:31:53 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm happy to announce that the first installment of LAMPSecurity.org's
capture the flag series of exercises is now available.  This is a
training exercise released in support of the educational mission of
LAMPSecurity.org.  The exercise is modeled after many of the exercises
that are presented in expensive commercial training courses, except it's
free, of course.  Unlike tools like OWASP's WebGoat, LAMPSecurity.org's
capture the flag exercise consists of a full, vulnerable, virtual
machine (VMWare's free Player is required).  This allows users to
explore vulnerabilities at every level of the LAMP stack.  The first
exercise includes an "attack" VM as well, with tools pre-installed
(where possible).  It also includes over 60 pages of step-by-step
documentation so no prior experience is necessary (although the
documentation only outlines one of several routes to root compromise).
The exercise is designed to educate system administrators and developers
on some common dangers and mis-configurations facing Linux,Apache,MySQL,
PHP (LAMP) applications.  Further details, including the documentation,
are available at http://lampsecurity.org/capture-the-flag-4.  The
vulnerable virtual machine and attack image are available from
SourceForge at https://sourceforge.net/projects/lampsecurity/.
Constructive feedback is of course welcome.  Thank you and enjoy.

- --

Justin C. Klein Keane
http://www.MadIrish.net
http://LAMPSecurity.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iPwEAQECAAYFAknC1ekACgkQkSlsbLsN1gC22Ab+KH2u/GkEs8GkZsj6cxvUTdlu
oG99awesvAwOlC6FhTnFkPm2lWE9Oe+66YjErDqNOXW1J14nJLSoLgBxMSgBhs1+
FeF6+ZSDHvWvThNhDVsxBqh7Y+LgSRq8GE4rn4DCZXiVlGN+lUGiXEMx5E/RLmSM
jT2Ek81BfNqOkWOfYoITMQr5Ate3yZ9YZud8W5iUy0pg/my+PScgiPcf5zjuXGMd
8c60QZFb3arnIPi2VUsaCXb/MRbx32LBBtrsvkyA7qiWZBnejyU/5OycNKRqO/T2
cptc906bsy4nB6jjT8g=
=bN50
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Current thread: