Added 120 Videos at Damn Vulnerable Linux

This was a nice day - I just have added about 120 videos at the Podcast section. Have fun

New Multimedia Section Online at Damn Vulnerable Linux

New Multimedia Section Online at Damn Vulnerable Linux. OK, after some more time of non-blogging here we go with a new advantage of the DVL portal. The multimedia link in the top menu leads you to the new video section which is hopefully easier to handle

Check out the “Cracking 128 Bit WEP-Key in one minute” which has been submitted to DVL, it is excellent

Who of you is using Damn Vulerable Linux in academia or industry?

DVL magazine down…

I have disabled the DVL magazine and replaced it with a multimedia section. Unfortunatly the community had no interest in it, so from now I will place from time to time videos and podcasts under this section. At least all what I can see is that the community is damn lazy….

Hello World to the Boomerang Decompiler

I just have added a new short video at the DVL magazine (Tool usage) on how to use the Boomerang decompiler

This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. However, a general decompiler does not attempt to reverse every action of the decompiler, rather it transforms the input program repeatedly until the result is high level source code. It therefore won’t recreate the original source file; probably nothing like it. It does not matter if the executable file has symbols or not, or was compiled from any particular language. (However, declarative languages like ML are not considered.)

The intent is to create a retargetable decompiler (i.e. one that can decompile different types of machine code files with modest effort, e.g. X86-windows, sparc-solaris, etc). It was also intended to be highly modular, so that different parts of the decompiler can be replaced with experimental modules. It was intended to eventually become interactive, a la IDA Pro, because some things (not just variable names and comments, though these are obviously very important) require expert intervention. Whether the interactivity belongs in the decompiler or in a separate tool remains unclear.

DVL Blog switched to a fast and clean template

Just changed the template to a fast and clean one. The old one was nice but had severe performance problems under Firefox / Linux…

Wargames@DamnVulnerableLinux.org

In my opinion it is time now to think on some challenges to provoke the community. Having a look at the latest hakin9 wargame I believe it is a good idea to do some wargames for Damn Vulnerable Linux as well. But we will differ from hakin9 wargames. Lack of hakin9 is the size of the wargame with 100 MB of size. Even the game is a full scaled operating system it is too large for just some few security auditing challenges. Using the DVL plugin concept we should be able to produce 10, 100 or 1 MB wargames which can easily placed in a DVL slot.

This is where you can help! Send me your ideas or wargame ideas but be aware: I expect that somebody can do it - I can not make everything on my own…

Designing IT security trainings for Damn Vulnerable Linux

I am back from my holidays. So I have some time to think about the training concept. This is not as easy than I thought. There are too many topics which I would like to add. Additional a large scaled training on a given topics needs a huge ammount of work and time and might not hit the interest of all - even this would be most complete.

So my idea is to produce a series of short videos each with a length between 10 and 30 minutes depending of the topic. I can produce them better in my free time than a 90 minutes presentation and demo. Content should be between beginner and intermediate - professionals know how to work with DVL.

However, I make a concept for this to prevent a confusing series of randomized topics. Ideas range from short programming or tool intros, over to tiny intros of exploitation up to some some challenges for the community…

Running Damn Vulnerable Linux from USB stick… everything is working! Hell of 4.5 hours on my laptop!

I am currently running DVL from my 2GB USB stick and it works like hell. Yesterday I managed to run even the networking (this post is written from DVL USB). Using the USB stick only I am able to work with DVL 4.5 to 5 hours on my laptop, and I really mean work (OpenOffice, Acroread, Kismet, xvidcap and so on) and not just having the laptop idling around. This is absolutely cool. Normally the batterry is down after 1.5 hours. This is an excellent advantage against standard HD installation or running DVL in a virtual machine. With this DVL is running only in memory, not wasting any energy in the HD - resulting in enormous time to work with it.

As I mentioned I am working on the new release. For this I have added xvidcap (included in next release) - and hell, it is working even with sound. I just managed to produce the first training video with sound. Yes, now we can move to design the training videos - at least an advantage for me since I have to do this during my travels…

btw: If you want to change the resolution just type at the startup console xconf and then startx/flux. I have now 1280×1024 which is maximum on this laptop.

No time to rest… the next Damn Vulnerable Linux release under development…

I thought I could rest some weeks… but I could not resist. The next release of Damn Vulnerable Linux (1.4) is under development. I added some more tools such as KDBG, a CHM viewer for ebooks and Acroread (some pdf files need this), and Latex to provide better support for writing tutorials with a DVL tutorial template (especially students need this). With this I will stop efforts in adding tools. We have all we need. Now we move to the challenges part. Some WarGames will come, so stay tuned Ups, and yes, the training will come now!

QT Vulnerability - Free provided with DVL Strychnine+E605

Trolltech, producers of the Qt library, have released a source code patch for Qt3, which fixes a security vulnerability. Bugs may lead to execution of arbitrary code during processing of crafted strings by applications which use the cross-platform C++ framework. QTextEdit element contain format string vulnerabilities and integer overflows. These can be triggered when an application linked to Qt issues an error message which incorporates text provided by the user. The bugs affect versions of Qt3 up to and including version 3.3.8. Programs using this version of the library include the KDE Desktop. Read More 1 | Read More 2

• Tags

  DVL 1.5 Wargame

• Recent Posts

  • DVL 1.5 has now left planning status. Bug Fixing started!
  • DVL 1.5 has left planning status!
  • Damn Vulnerable Linux Strychnine+605 1.4 final
  • DVL Strychnine+E605 1.4 release in January 2008!
  • Damn Vulnerable Linux Strychnine+E605 - version 1.4 under construction

• Recent Comments

  • Schneider on Damn Vulnerable Linux Strychnine+605 1.4 final
  • Benjamin on Damn Vulnerable Linux Strychnine+605 1.4 final
  • rick hall on Damn Vulnerable Linux Strychnine+605 1.4 final
  • Schneider on DVL 1.5 has now left planning status. Bug Fixing started!
  • saber on DVL 1.5 has now left planning status. Bug Fixing started!

• Categories

  • DVL E605
  • DVL Project
  • DVL Strychnine
  • Reverse Code Engineering