Ad-Honeypot-Autodeploy – Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with QEMU/KVM (but it can be customized easily for cloud-based solutions). Used to painlessly set up a small Windows Domain from scratch automatically (without user interaction) for the purpose of RDP Honeypot testing. Features a Domain Controller,

TIWAP – Totally Insecure Web Application Project

TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their best to regenerate various web vulnerabilities. The application is made solely for educational purposes and to learn web hacking in a legal environment. Disclaimer: We highly recommend

WSuspicious – A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: It was inspired by the WSuspect proxy project: Acknowledgements: Privilege escalation module written by Maxime Nadeau from GoSecure. Huge thanks to: Julien Pineault from GoSecure and Mathieu Novis from SecureOps for

SecGen – Create Randomly Insecure VMs

SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same; this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events. The latest version is available at: complete

IoTGoat – A Deliberately Insecure Firmware Based On OpenWrt

The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project's goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP: To get started with developing IoTGoat challenges, review the Build Environment Guidance