Dockerfile hygiene: Python 3.14, CVE paths, compose context

docker-compose.lab.yml

@@ -236,8 +236,8 @@ services:
   # Used by tools/lateral-movement/sccm-abuse/ — lab domain gated.
   mock-sccm:
     build:
-      context: .
-      dockerfile: infra/lab/mock-sccm/Dockerfile
+      context: infra/lab/mock-sccm
+      dockerfile: Dockerfile
     container_name: lab-mock-sccm
     hostname: sccm.corp.lab.local
     environment:

infra/docker/Dockerfile.chrome-x64-test

@@ -94,10 +94,10 @@ RUN wget -q "https://storage.googleapis.com/chrome-for-testing-public/141.0.7390
     rm /tmp/chrome-141.zip
 
 # Copy exploit files for each CVE
-COPY cve-2024-0517-repo/ /exploits/cve-2024-0517/
-COPY cve-2024-1939-repo/ /exploits/cve-2024-1939/
-COPY cve-2024-5830-repo/ /exploits/cve-2024-5830/
-COPY cve-2025-13223-repo/ /exploits/cve-2025-13223/
+COPY cves/chrome/2024/CVE-2024-0517/ /exploits/cve-2024-0517/
+COPY cves/chrome/2024/CVE-2024-1939/ /exploits/cve-2024-1939/
+COPY cves/chrome/2024/CVE-2024-5830/ /exploits/cve-2024-5830/
+COPY cves/chrome/2025/CVE-2025-13223/ /exploits/cve-2025-13223/
 
 # Create non-root user
 RUN useradd -m -s /bin/bash user

infra/docker/Dockerfile.cve-2024-9680-debug

@@ -65,7 +65,7 @@ end
 GDB
 
 # ── Copy exploit files ────────────────────────────────────────────────
-COPY cve-2024-9680-repo/ /srv/exploit/
+COPY cves/firefox/2024/CVE-2024-9680/ /srv/exploit/
 
 # Create fake ~/Downloads for demo exfiltration
 RUN mkdir -p /root/Downloads && \

infra/docker/Dockerfile.cve-2024-9680-test

@@ -16,7 +16,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy all exploit files
-COPY cve-2024-9680-repo/ /srv/exploit/
+COPY cves/firefox/2024/CVE-2024-9680/ /srv/exploit/
 
 # Create an index page listing all exploits
 RUN cat > /srv/exploit/index-test.html << 'HTML'

infra/docker/Dockerfile.cve-2025-4919-test

@@ -40,7 +40,7 @@ RUN ARCH=$(uname -m) && \
     ln -sf /opt/firefox/firefox /usr/local/bin/firefox
 
 # Copy exploit files
-COPY cve-2025-4919-repo/ /srv/exploit/
+COPY cves/firefox/2025/CVE-2025-4919/ /srv/exploit/
 
 # Create an index page
 RUN cat > /srv/exploit/index-test.html << 'HTML'

infra/docker/Dockerfile.cve-2026-2441-test

@@ -43,7 +43,7 @@ RUN ARCH=$(uname -m) && \
     fi
 
 # Copy exploit files
-COPY cve-2026-2441-repo/ /srv/exploit/
+COPY cves/chrome/2026/CVE-2026-2441/ /srv/exploit/
 
 # Create index page
 RUN cat > /srv/exploit/index-test.html << 'HTML'

infra/docker/Dockerfile.firefox-browser

@@ -5,14 +5,14 @@
 # Run:   docker run --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \
 #          --net=host firefox124-browser
 
-FROM --platform=linux/amd64 ubuntu:22.04
+FROM --platform=linux/amd64 ubuntu:24.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && apt-get install -y \
-    wget bzip2 libgtk-3-0 libdbus-glib-1-2 libxt6 \
+    wget bzip2 libgtk-3-0 libdbus-glib-1-2 libxt6t64 \
     libx11-xcb1 libxcomposite1 libxdamage1 libxrandr2 \
-    libasound2 libpulse0 libgl1 libpango-1.0-0 \
+    libasound2t64 libpulse0 libgl1 libpango-1.0-0 \
     fonts-liberation xdg-utils procps \
     && rm -rf /var/lib/apt/lists/*
 

infra/lab/llm-target/copilot-app/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-slim
+FROM python:3.14-slim
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
 

infra/lab/mock-databricks/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-slim
+FROM python:3.14-slim
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
 

infra/lab/mock-saml/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-slim
+FROM python:3.14-slim
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
 

infra/lab/mock-sccm/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-slim
+FROM python:3.14-slim
 WORKDIR /app
 RUN pip install flask
 COPY mock_sccm.py .

infra/lab/vulnerable-lab-app/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-slim
+FROM python:3.14-slim
 
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv