Damn Vulnerable Blog

DVL 1.5 has now left planning status. Bug Fixing started!

Schneider — Fri, 25 Jul 2008 08:55:12 +0000

DVL 1.5 has now left planning status. Bug Fixing started!

Some new additions:

Lazarus IDE
ArgoUML
BlueJ
Firefox Plugins updated

DVL 1.5 has left planning status!

Schneider — Mon, 14 Jul 2008 12:34:41 +0000

DVL 1.5 has left planning status! Beside that we have to fix several bugs we will release the first DVL Wargame as training material. Additionally the first video series is under development.

Damn Vulnerable Linux Strychnine+605 1.4 final

Schneider — Fri, 18 Jan 2008 19:31:09 +0000

DVL 1.4 final is ready to go and is uploaded at the moment. We hit the 1.6 GB size, including all necessary to train software development, IT security and Reverse Code Engineering. During the next time the mirrors will be informed. After this we post the links. As well we do a short intro video to show all features and on how to use DVL.

DVL Strychnine+E605 1.4 release in January 2008!

Schneider — Sun, 30 Dec 2007 19:40:47 +0000

DVL Strychnine+E605 1.4 will have its release in January 2008! Includes many new tools, such as the ERESI reverse engineering framework, the Eclipse IDE for Java and C/C++. With this release we close the tool addition part and move to training material only. Stay tuned!

Damn Vulnerable Linux Strychnine+E605 - version 1.4 under construction

Schneider — Sun, 14 Oct 2007 06:36:09 +0000

I just have remastered the base of DVL Strychnine+E605 version 1.4. Beside more tool additions I have done some bug fixes as well. The status is now between alpha and beta, I will do now more testing within the next time.

Remote Debugging a DVL crackme by TiGa (Team+)

Schneider — Wed, 10 Oct 2007 07:30:02 +0000

TiGa (Team+) just has finalized his second training video. In this video he uses the IDA Pro Remote Debugging capabilities to analyze a crackme located at DVL remote from a Windows box.
Team+ consists of people working to receive the famous + sign - the most recognized reputation in Reverse Code Engineering. The + sign is by invitation only and free without any fee.
The video will be published soon.
With this we will open the revamp of the Reverse Code Engineering Portal located at www.reverse-engineering.net. Using several subdomains we will extend our portfolio with a Team+ information website, a training video website and more.
Stay tuned!
Peace! Kind Regards,
Univ.-Doz. Dr. Thorsten Schneider Managing Director / CEO

New additions to Damn Vulnerable Linux 1.4

Schneider — Thu, 27 Sep 2007 07:54:28 +0000

Just a sneak preview on current changes:

[Application Development] Add LogWatch (schneider) [DVL Core] Add XEN (schneider) [Reverse Code Engineering] Add Insight GDB Debugger (schneider) [Tutorials] Add CPU Sim - An Interactive Java-based CPU Simulator (schneider) [Reverse Code Engineering] Add JAD Java Decompiler (schneider) [Tools] Add VLC Media Player (schneider) [Documentation] Add TeTex (schneider) [Documentation] Add JabRef (schneider) [Application Development] Add Kile (schneider) [Documentation] Add kDissert Mindmapper (schneider) [Peneration Testing] Add JBroFuzz (schneider) [Application Development] Add WebScarab (schneider) [Peneration Testing] Add CAL9000 (schneider) [Reverse Code Engineering] Add KDBG (schneider) [Application Development] Add xchm (schneider) [DVL Core] Add gtk libs (schneider) [Tools] Add xvidcap (schneider) [Tools] Add AcroRead (schneider) [Tools] Add Scite (schneider)

Insight GDB Debugger - own branch?

Schneider — Wed, 26 Sep 2007 17:30:01 +0000

I just had a look at the Insight GDB debugger frontend. Even it does not look like OllyDbg or Ida Pro under Windows, it seems to be a very promising tool to play with. The “frontend” is not really a frontend. It can be described as an own solution hooking to GDB and looks better than DDD. Written in tcl/tk it is easy to extend Insight. Unfortunatly it is currently not based on extensions or plugins. However I will play with it during the next days and try to extend it with a simple HelloWorld. One of my goals is to extend Insight to visualize the code and to add some additional analysis features.
I never developed much in tcl/tk so I have to optimize my skills. Should be not that hard. Next weekend I know more.
It would be great to catch one developer out of the community who can help with this. I do some announement next weekend as well. So if you are interested in developing an own outstanding GDB visual debugger and you good - and I really mean good - in developing software, go and contact me!

Results of Video Section Analysis, Training ISOs and the new Release of Damn Vulnerable Linux

Schneider — Tue, 25 Sep 2007 05:30:01 +0000

I just have done some analysis of the hits at the video section. This is really a surprise. The WEP video is top most - no surprise. But it is directly followed by Reverse Code Engineering on Windows and Assembly Language videos!
Ok. If this is what the community is interested in we will focus on it. At the moment we are developing some training ISOs at IITAC. One ISO will contain a complete course on Reverse Code Engineering on Windows including many videos (around 45) and all necessary tools (!). The ISO is NO lame tool collection but a full course and sized at the momemt with 850 MB.
For development of the assembly language videos we will use the new release of Damn Vulnerable Linux. This release includes some more tools like Insight as GDB frontend. As well some bug fixes have to be done. To produce videos I have included Wink and Xvidcap at DVL. In my case I will use Wink to build some short tutorials on how to start with assembly language using HLA High Level Assembly. All material will be collected as ISO again but will have for sure NOT 850 MB If somebody of you wants to contribute some video material contact me!

Reverse Code Engineering Portal and new training concept - finally!

Schneider — Fri, 21 Sep 2007 16:04:17 +0000

We are currently working for the revamp of the Reverse Code Engineering (RCE) Portal which will be the partner website of the Damn Vulnerable Linux portal. The RCE portal will look like the DVL portal but with a different focus - 100% reverse code engineering in all variants. With this we will combine forces and will setup a new knowledge and training concept. Heavily based on video lessons combined with training courses both portals will offer a wide range of learning options.
Training and courses will be quite different from what you might expect. Using practical training experiences we will use the “Learning-by-Teaching” methodology. This means we will enable courses for small groups where each group member has to participiate(!) in the course. Goal is to fight modern mentality: “I just want to take, but I never give”. Using this method we should have a growing number of training material by time.
This means some more thinking on the schedule and contents, but IMO this should be the best path to community knowledge.
BTW: producing a short training video is very simple and not combined with much work! Just record your screen while doing some security analysis and add some textual annotations - or add some audio. Two advantages: (1) with this you cam be sure that you have really understood a topic and (2) you take part in building a l33t knowledge base!
I will check out some free recording software today and build a “trainer” package for those not able to use commercial tools like Camtasia or Captivate (I prefer Camtasia). As well I will do a first training example this weekend.