[Noisebridge-discuss] Security group update

aestetix aestetix aestetix at gmail.com
Fri Nov 6 21:45:28 UTC 2009


Hey,

The security group hasn't generated much discuss-list activity, but we've
been working on a few things. Had a couple of lectures (I spoke on classical
cryptography and cross site scripting, micah has given a few chats on
networking security and xampp), and some other things.

We now have a computer set up at 172.30.1.173 that is hosting a bunch of
virtual machines. Some of them are CTF images, and a few others are very
crappy insecure images (Like early versions of Windows XP), and last night I
built an image that I installed apache, mysql, and a few other things on.
The idea is that we can go through milw0rm and other sites, find exploit
code, and test it out on a local system. Some people are interested in
security but have never actually practiced it, and this is a great way to
break the ice.

The system currently has Joomla with a plugin or two that is known to be
insecure. I'll be finding applicable exploit code and putting it on the
system so people can see how it works. Ideally, we'll have a few dozen of
these, so anyone who wants can log in, try their hand, and then look at the
code to see how it works. It has a lot of the elements of HackThisSite, but
with software that is actually running on a lot of servers.

If anyone is interested in contributing to this, join the security list!

aestetix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20091106/5ed019d3/attachment-0003.html>


More information about the Noisebridge-discuss mailing list