This repository contains an intentionally vulnerable application security and Active Directory lab used for authorized training, learning, and portfolio demonstration purposes. Certain weaknesses are deliberately introduced to simulate real-world risk scenarios in a controlled and isolated environment.
This policy explains how security issues related to the lab infrastructure itself (not the intended vulnerabilities) should be reported.
Some security weaknesses in this repository are intentional by design and documented as part of the learning objectives. These are not considered security issues and do not require reporting.
Examples include:
- Deliberate web application flaws
- Misconfigurations used for demonstration
- Weak credentials or trust assumptions used in lab scenarios
If you discover a security issue that is not part of the intended lab design, such as:
- Accidental exposure of secrets or credentials
- Vulnerabilities that affect the host system or users outside the lab
- Issues that could cause unintended harm or instability
please report it responsibly through one of the following channels:
- Open a GitHub Issue without posting exploit details publicly, or
- Contact the repository owner directly via LinkedIn
LinkedIn: https://www.linkedin.com/in/nguyenbrandonm
- Reports will be reviewed on a best-effort basis
- You may be asked for additional clarification
- Issues deemed out of scope or aligned with intended lab behavior may be closed without remediation
This project:
- Is not intended for production use
- Should only be deployed in isolated, non-internet-facing lab environments
- Is not supported for use against real-world systems or networks
Users are responsible for ensuring they have proper authorization before testing.