Typhoon Vulnerable VM

  • What’s Typhoon Vulnerable Virtual Machine?

Typhoon Vulnerable VM is a virtual machine bundled with several vulnerabilities that provides a laboratory environment for researchers looking into enhancing their skills in the field of Cyber Security. Typhoon VM v1 has been developed by the Prisma CSI team to provide a mini lab environment for the Practical Penetration Testing training offered by the company. You can also download the virtual machine and install it on your own system, giving you too a chance to gain some practical skills in this field.


  • Why the name ‘Typhoon’?

The name is derived from a famous saying in Turkey “Hedef ben miyim Tayfun?” which roughly translates to “Am I the target Tayfun?”. In our training, the target is Typhoon.


  • What are some of the helpful resources for Typhoon VM?

After an update of training material, the Prisma CSI team shares presentations, practicals and the virtual machine used in v1 training for the benefit of researchers looking to improve their skills the field of cyber security. You can follow us on our twitter handle @prismacsi to stay updated on our shared content.

All our shared presentation documents to this date can be accessed from the following link:



  • What are the contents of Typhoon VM?

Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering and DNS attacks. Prisma trainings involve practical use of Typhoon. The first version of Typhoon VM v1. has been shared for use by any cyber security researcher wishing to improve themselves in the field.

Typhoon VM also includes contents used in web application security training such as DVWA and XVWA.


  • Disclaimer!

The Typhoon virtual machine has been created for educational purposes and should only be installed and used in educational environments. It is recommended that the virtual machine should not be installed in corporate networks and if so, it should be done under a controlled environment. Prisma CSI and its team is not responsible for any harm or loss caused by its misuse.


  • Resources

The virtual machine can be downloaded from the link below. All information on the installation and setup of the virtual machine will be shared in this field. Write-ups are expected from Cyber Security researchers before sharing. In the near future detailed reports on penetration tests and vulnerabilities found on Typhoon will be accessible here.


  • Writeup

Blogs on the exploitation of vulnerabilities found on Typhoon will soon be accessible from the area above. However, we would like to emphasize that researchers are given the first priority.

If you have any write-up or blog material on Typhoon you can contact us on the following e-mail address: [email protected].

We would love to share your writings on our website.

MD5 (Typhoon-v1.02.ova) = 16e8fef8230343711f1a351a2b4fb695