lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <49C2D5E9.2010204@madirish.net>
Date: Thu, 19 Mar 2009 19:31:53 -0400
From: Justin Klein Keane <justin@...irish.net>
To: full-disclosure@...ts.grok.org.uk
Subject: LAMPSecurity.org Capture the Flag Exercise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm happy to announce that the first installment of LAMPSecurity.org's
capture the flag series of exercises is now available.  This is a
training exercise released in support of the educational mission of
LAMPSecurity.org.  The exercise is modeled after many of the exercises
that are presented in expensive commercial training courses, except it's
free, of course.  Unlike tools like OWASP's WebGoat, LAMPSecurity.org's
capture the flag exercise consists of a full, vulnerable, virtual
machine (VMWare's free Player is required).  This allows users to
explore vulnerabilities at every level of the LAMP stack.  The first
exercise includes an "attack" VM as well, with tools pre-installed
(where possible).  It also includes over 60 pages of step-by-step
documentation so no prior experience is necessary (although the
documentation only outlines one of several routes to root compromise).
The exercise is designed to educate system administrators and developers
on some common dangers and mis-configurations facing Linux,Apache,MySQL,
PHP (LAMP) applications.  Further details, including the documentation,
are available at http://lampsecurity.org/capture-the-flag-4.  The
vulnerable virtual machine and attack image are available from
SourceForge at https://sourceforge.net/projects/lampsecurity/.
Constructive feedback is of course welcome.  Thank you and enjoy.

- --

Justin C. Klein Keane
http://www.MadIrish.net
http://LAMPSecurity.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iPwEAQECAAYFAknC1ekACgkQkSlsbLsN1gC22Ab+KH2u/GkEs8GkZsj6cxvUTdlu
oG99awesvAwOlC6FhTnFkPm2lWE9Oe+66YjErDqNOXW1J14nJLSoLgBxMSgBhs1+
FeF6+ZSDHvWvThNhDVsxBqh7Y+LgSRq8GE4rn4DCZXiVlGN+lUGiXEMx5E/RLmSM
jT2Ek81BfNqOkWOfYoITMQr5Ate3yZ9YZud8W5iUy0pg/my+PScgiPcf5zjuXGMd
8c60QZFb3arnIPi2VUsaCXb/MRbx32LBBtrsvkyA7qiWZBnejyU/5OycNKRqO/T2
cptc906bsy4nB6jjT8g=
=bN50
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ