LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
- Using ClamAV to Prevent Malware and Data Loss
- Secure Web Application Penetration Testing
- User Interface is Security
- APT is Real Enough
- SSHatter 1.0
- Drupal Core Color XSS Vulnerabilities
- Hookworm Stealth PHP Backdoor
- FEC Data Ripe for Mining
- When is LFI Really ACE?
- Combating XSS with HTMLPurifier
This exercise is intended to be an educational experience. In particular it is designed to demonstrate how vulnerabilities can be “chained” together to lead to a complete compromise. There is no system on the target that is immediately exploitable to become root, but there are problems that can be exploited in tandem to compromise the root account. This exercise can also be used to benchmark automated testing tools. In particular this exercise seeks to expose participants to effective, free, open source security testing tools as well as to demonstrate many of the common weaknesses of such tools. Although the approach to this exercise is scripted, there are a number of unscripted vectors that can be used to exploit the target.
Download : CTF7plusDocs.zip (742.6 MB)
Find Other version |
Resources : http://www.madirish.net/
Our post before : http://seclist.us/update-lampsecurity-training-ctf4-ctf5.html