Vulnerable versions of vsftpd, Samba, Apache, MySQL, PostgreSQL, and many other services - Multiple web applications (DVWA, Mutillidae, phpMyAdmin) pre-installed - Misconfigured SSH, NFS, and other services - Dozens of exercises covering the OWASP Top 10