Multi stage penetration test example?

Hi,

I am a MSc student who are currently writting my MSc thesis about 
penetration testing. The approach I use is similar to McDermott's [ 
attack nets [1], i.e. I use petri nets (a kind of graph) to model 
penetrations and to help with the process of penetration testing.

To do "proof of concept" of my model I plan to build different test 
scenarios. These scenarios need to be a little more complex than 
standard buffer overflow vulnerability penetrations.

What I need are penetration testing examples where several "variables" 
must be controlled at the same time (in paralell) or where different 
vulnerabilites rely upon each other to be able to succeed in penetrating 
 (get access of some kind). Maybe an advance e-commerce/web.ap. 
multi-stage attack that require conrol over many states/variables or a 
root kit approach which need many conditions to be fullfiled to be 
sucessfull?

Any of you that know of such examples or better ones that could be 
reproduced in an lab setting (without the use of to many hosts)? Links?

Thanks for any help!

--
Vennlig hilsen / Best regards
Ole Martin Dahl


@InProceedings{1,
 author = {J. P. McDermott},
 title = {Attack net penetration testing},
 booktitle = {Proceedings of the 2000 workshop on New security paradigms},
 year = {2000},
 isbn = {1-58113-260-3},
 pages = {15--21},
 location = {Ballycotton, County Cork, Ireland},
 publisher = {ACM Press},
 }