The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content...
PMAT-labs – The labs for Practical Malware Analysis & Triage This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate...
GCPGoat: A Damn Vulnerable GCP Infrastructure Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an...
CAZT (Cloud AuthoriZation Trainer) CAZT (Cloud AuthoriZation Trainer) is a simulator of cloud-provider responsible REST APIs. It includes a lab manual for getting hands-on practice with how to attack authorization vulnerabilities in a cloud...
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can...
CNAPPgoat CNAPPgoat is a multi-cloud, vulnerable-by-design environment deployment tool – specifically engineered to facilitate practice arenas for defenders and pentesters. Its main function is to deploy intentionally vulnerable environments across multiple cloud service providers,...
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for the web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed...
MACOBOX The all-in-one hacking toolbox for hardware penetration testing. MACOBOX is designed to simplify and enhance hardware penetration testing by providing a comprehensive toolset for analyzing and extracting firmware from various hardware interfaces. With...
Docker Security Playground Docker Security Playground is an application that allows you to: Create a network and network security scenarios, in order to understand network protocols, rules, and security issues by installing DSP in...
Splunk Attack Range Purpose The Attack Range solves two main challenges in the development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your...
SCAGoat SCAGoat is an application for Software Composition Analysis (SCA) that focuses on vulnerable and compromised JAR dependencies used in development code, providing users with hands-on learning opportunities to understand potential attack scenarios. It...
Kubernetes Goat The Kubernetes Goat designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. 🏁 Scenarios Sensitive keys in codebases DIND (docker-in-docker) exploitation SSRF in the Kubernetes (K8S) world Container...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
VAmPI VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency...
What is CTFd? CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins...
cicd-goat The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full-blown CI/CD environment. The scenarios are of varying...
