Date: Tue, 12 May 2009 17:49:05 -0400
From: "Justin C. Klein Keane" <justin@...irish.net>
To: full-disclosure@...ts.grok.org.uk
Subject: LAMPSecurity.org Capture the Flag Exercise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm happy to announce that the second installment (cryptically called
CTF5) of LAMPSecurity.org's capture the flag series of exercises is now
available.  This edition is novel in that it includes a 0-day exploit
that can be used (indirectly) to gain root.  This is a training exercise
released in support of the educational mission of LAMPSecurity.org.  The
exercise is modeled after many of the exercises that are presented in
expensive commercial training courses, except it's free, of course.
Unlike tools like OWASP's WebGoat, LAMPSecurity.org's capture the flag
exercise consists of a full, vulnerable, virtual machine (VMware's free
Player is required).  This allows users to explore vulnerabilities at
every level of the LAMP stack.  The first exercise includes an "attack"
VM as well, with tools pre-installed (where possible).  It also includes
over 60 pages of step-by-step documentation so no prior experience is
necessary (although the documentation only outlines one of several
routes to root compromise). The exercise is designed to educate system
administrators and developers on some common dangers and
misconfigurations facing Linux, Apache, MySQL, PHP (LAMP) applications.
Further details, including the documentation, are available at
http://lampsecurity.org/capture-the-flag-5.  The vulnerable virtual
machine and attack image are available from SourceForge at
https://sourceforge.net/projects/lampsecurity/. Constructive feedback is
of course welcome.  Thank you and enjoy.

- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
