After Metasploitable in the Cloud and bWAPP, CTF365 has increase both, the number of "vulnerable by design" servers and operating systems by adding HacmeBank and HacmeCasino as vulnerable web applications courtesy to McAfee through Fundstone.

The machines runs on Windows Server 2008 and WindowXP thanks to Microsoft through their Bizspark Startup Program and they are accessible to anyone who has a Free CTF365 account.

Hacme Bank

Hacme BankTM is designed to teach application developers, programmers, architects and security professionals how to create secure software. Hacme BankTM simulates a “real-world” online banking application, which was built with a number of known and common vulnerabilities such as SQL injection and cross-site scripting.”

Hacme Casino

Hacme CasinoTM is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security.”

By adding these components to our free pentest lab, we hope to help new comers and ethical hacker wannabes find their way into the security industry as qualified security professionals.

If you're an InfoSec instructor or teacher, feel free to use these applications in the cloud to create webcasts and teach your students. Also, if you're a screencaster, feel free to use them in your video tutorials. Don't forget to share your creations and experiences with the infosec community. We'd love to hear about them

You can access the servers at:

http://hacmebank.ctf (http://10.195.2.5)

http://hacmecasino.ctf (http://10.195.2.6)

In order to access them, please remember that you have to be logged into our CTF365 VPN.

If there's a vulnerable-by-design server or web app that you'd like to see in the CTF365 cloud, leave the information for us in a comment below. We'll review it and, if we think it'll be a valuable contribution, we'll add it to the cloud in the future.

We believe that entry level resources should be open and free of charge for anyone who wants to dive into the InfoSec industry. Through this, we think we can make the Internet a little bit safer.