DVL Strychnine + E605 is final!
DVL Strychnine + E605 is final! I just remastered the ISO and we land at 1050 MB size which fits perfectly on a 2 GB USB stick (and gives us more free space to add additional stuff). I will upload the ISO today and inform the mirrors. Finally, after all this installation part, I can play with it myself.
DVL Strychnine+E605 - Teaching IT-Security + Software Development
The new release will come soon (around 2 weeks). So what can you expect? At least a full scaled training environment for ethical IT security. Lots of training exercises, all with sources - either for binary or web security training.
But DVL is more. Designed for university lectures, it contains the necessary programming languages and tools. Examples are given with assembly language (nasm, fasm, gas, …), C/C++, Java, Pascal, Fortran, Basic, Scheme, PHP or Cobol. The correct editors support software development exercises. Professional development is supported by KDevelop. Only Eclipse is missing, which is far too bloated and has no performance in a virtual environment. However, this is not relevant since we do not develop complex Java solutions.
Does this have to do with IT security? Yes, it has! DVL is a scaled framework for security teaching purposes. Several universities are currently using it for their lectures. But security is only one side of the coin. It is highly associated with (secure) programming tasks. We cannot teach people only one side of the coin. Since we plan several videos during the next time we are open to the full coin. And the coin is “multilingual”.
Just some words about the upcoming programming exercises. We will neither focus on ugly GUI development nor on API-glue-methods. We go back to the stuff for the hard guys and the real programmers: knowing about the algorithms and not the API!
btw: exercises@dvl is not very frequented. We will drop it and replace it with something better… Something more challenging…
Permission by Honeynet.org
We got permission to include the material provided by the Honeynet Project. With this we will include more papers and training material to DVL Strychnine+E605.
Finally we hit a size of 1080 MB of the remastered ISO. This fits on a 2GB sized bootable USB stick and gives you enough place to add your own material or saved data. All tries to move below 1GB failed, I managed to move to 980 Mb which does not fit on a 1GB sized stick if you want to have at least some free space for your data. So we move to the 2GB sized stick which is not that expensive and gives you enough free place.
I just tested the ISO under VMWare with 350 MB RAM which is fine at all, KDE takes some more resources so I give a further try under flux with 256 MB RAM.
DVL Strychnine+E605 should be released at the beginning of August. Finally enough free time to plan the training activities. Unfortunately the test with the web conferencing server failed partly. A German/German and German/Italian conference worked fine, the conference to Latvia failed due to severe audio problems. I will give it another try next weekend. A fascinating idea to have possible real online courses next…
CodeBreakers Journal Videos uploaded
I finally managed to upload 10 GB of videos of the CodeBreakers Journal. Have fun!
more websites back online…
I have managed to put some more websites online. The bug at crackmes.de which prevented solution download is fixed (thanks to elfZ), the DVL bug tracker is back and secure-software-engineering.com is reinitialized. CodeBreakers Journal is back with a new design. As well the ProView Disassembler is back. Check it out at https://pvdasm.reverse-engineering.net.
Still missing are the CodeBreakers videos (7 GB) and the DVL iso downloads (1.5 GB) which will come this weekend but need some time to upload. Today I try to fix the training system. Some minor important subdomains will come back later.
More about secure-software-engineering.com in my next blog entry.
btw: you are welcome to submit a paper to CodeBreakers and Secure Software Engineering!
What is new and future steps
The new server is finally running. This has been a hard week with administrating and migrating all the websites. At least we have now a stable state - yesterday we had heavy problems to access most websites since the DNS entries took some time. Only 24 hours, I remember a time when such entries needed 1 week… With all this we have some new features. You can now access DVL via https (SSL), server speed should now handle all users and at least 2MB/sec of download is possible (just tested it).
What is on my stack:
I need to upload all CodeBreakers Journal videos with a size of 7GB (!) which should be done next weekend. The bug tracker is down and should be back this/tomorrow evening. I need to clarify if I can offer DVL as ISO download at my server - have to take care of the hosting company's feelings.
Next, PEAR under PHP still makes trouble: include_path is set correctly, the log is clean, but the pear.php cannot be found. I really hate this. If I can solve this I will reinitiate the certification and training system. Additionally, the web conferencing server will be installed.
Top most is the new DVL release which is now in state alpha. Vitor could not send me an additional training package since all emails have been down this weekend. After adding the package we move to beta test, so we might release the new DVL Strychnine+E605 first week of August. We hit the 1GB size so it will fit on a USB stick. DVL was never meant to run from CD. Check out the DVL Strychnine+E605 trailer!
What will come next? After the next DVL release I will need to rest some time and go back to my postdoctoral thesis (DVL is part of it). Then we focus on the training part. As an add-on new certifications are under construction now: IITAC Certified Secure C/C++ Development Professional, IITAC Certified Secure PHP Development Professional and the IITAC Certified Secure Code Auditor.
Many news, much work still left. We should have 100% in about 3 weeks.
Server migrated!
The server is migrated. We are back faster than ever.
Server Crash
After 5 years with our old machine (1 GHz / 256 MB RAM) we had a serious server crash on June 10th. This is an emergency installation until we have our new server at the latest by the end of June. We will fly then with a 64bit system 2 processor with much more RAM. Meanwhile we might sometimes have problems, be patient with us…
DVL Strychnine+E605 fast progress
I just added the first package by Harry, some more vulnerable apps and a bunch of new tools such as Fenris. All we need now are around 5-10 more PHP apps and the same amount of binary vulnerabilities.
Seems that we are faster than I thought. So we might release in September instead of October.
I am currently stuck with an ISO size of 880 MB but still good to get installed on a USB stick (sorry for you CD freaks out there). At the moment no chance to reduce the size below 700 MB…
Finally we can start with the promised training videos as soon as possible.
How to teach a 6 year old programming…
This is my hardest teaching job ever. How to teach a 6 year old programming?
Searching the web, there was only little available for this task. Most of the “learning platforms” are useless or English only. EduBuntu is one example of this. Useless games for small kids, all in English only.
Finally I found a visual programming environment. Who else but MIT has developed it. They use this environment for their own kindergarten kids. The environment is called “Scratch” and is multilanguage enabled. However, they still lack a teaching concept so I am on my own…
Training students is one thing but small children a different one! I try to setup a training roadmap which I make public later. If you have any ideas you are welcome to post your comments.
Btw: This is the root cause why DVL has KidBasic installed. Maybe I drop the “visual programming” stuff and teach directly with KidBasic the real programming…
Why DVL is legal!
In June 2007, the German parliament passed changes to the computer crime laws, including §202c StGB, which states (unapproved translation):
Whoever prepares a crime according to §202a or §202b and who creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to
- passwords or other access codes, that allow access to data or
- computer programs whose aim is to commit a crime

will be punished with up to one year jail or a fine.
Additionally, this new section is interwoven with other laws, including the ones covering terrorism. The current interpretation includes the acceptance of others committing a crime using material as violation of §202c.
Damn Vulnerable Linux is legal according to §202a, §202b and §202c! Damn Vulnerable Linux is a training environment for IT security experts in academia and NOT a hacker's toolbox! It is NOT thought to enforce any illegal actions but thought to train the development of secure software. It is meant for educational purposes and teaching in university lectures. It is NOT meant to enforce any illegal actions. By downloading and using Damn Vulnerable Linux you agree to stay legal!
Until we have checked all law issues we have disabled the registration option for new members.
If you are from university and want to use Damn Vulnerable Linux for your research or lectures, contact us at info(att)DamnVulnerableLinux.org!
Assessment Priorities
Being not lazy during the last week I redesigned the teaching and assessment concept. So I asked myself: which topics will have highest priority during the time? Sure, we will release DVL Strychnine+E605 around September/October. Vitor and Harry are collecting at the moment vulnerable examples we need for training. But we need more. Topics we teach students.
So the most wanted list seems to be:
(1) Secure C/C++ Development
(2) Secure PHP Development
(3) Secure Java Development
(4) Binary Analysis / Reverse Code Engineering
(5) Forensics / Auditing
(6) Penetration Testing / Web Analysis
(7) Secure Software Engineering
All these topics need to be built upon a solid base:
(1) Course Material (Videos, Articles)
(2) Self-Assessments / Exercises
(3) Certification
So I will build upon these three pin points.
more about this soon…
Damn Vulnerable Magazine Prototype
The DV mag prototype is now online at the DVL website. You can find it under the top menu of the website. I decided to place it primarily as an online magazine. With this I rearranged some sections. Ten Lessons on is now part of the mag as well as eLectures and tutorials. We deal (at the moment) with IT-Security, Software Engineering and Tool Usage. Btw: you need to login to see the magazine.
I will do a concept this week (maybe next week as well) which videos I will produce first. Again, if you can provide any articles or videos, this would be very helpful!

