Yesterday, I released something called Trollcave on my main blog. It's a bit like a game, but not quite, and there's a bit of a barrier to entry. It's an infosec challenge VM, so the idea is you download a VirtualBox ova, load it up (with sensible precautions), and try to gain unauthorised access to it by exploiting vulnerabilities and misconfigurations, ultimately to read /root/flag.txt.

Web application security experience helps, but it should be completeable by anyone with good technical and security knowledge about webdev. Here's a screenshot:

As must be obvious from the screenshot, the website on this VM is pretty heavily inspired by 64Digits. This is partially because I spent a week writing a 64D clone in Rails (driven by boredom) and then only later decided to do this with it, and partially because I had some cool ideas around how some features similar to those this site has could be used in a hacking challenge.

Bear in mind that none of the fake users are meant to be anyone here, and none of the vulnerabilities I poked into the design are indicative of anything here either.

Not sure if this is really anyone here's cup of tea, but I felt I had to mention it in a 64D blog considering the inspiration for it. Download link is here: Oracle Virtualbox .ova file (891MB)