• Home
• Bootcamps
• Certification
• Consulting
• Contact
• Damn Vulnerable
• Imprint/AGB
• Jobs
• University
• RSS

DVL Strychnine + E605 now in size of 850 MB

Finally I have managed to reduce the DVL size from 1 GB to 850 MB. To reach CD format we still need 150 MB. Lets see what we do not need

DVL Strychnine+E605: 350 MB less!

I manage to reduce the DVL Strychnine+E605 by 350 MB. Free Pascal stays but the Lazarus frontend has gone, as well the Free Pascal sources. Result -165 MB. I identified an Oracle directory containing a client for Oracle. Result -100 MB. Some other parts and we have 350 in Live less. I remaster tomorrow to see which size we have now!

Harry Adams joins the DVL team / DVL mag

We have a new DVL team member. Harry Adams from U.S. will help as VAPI (Vulnerable Application Provider and Integrator) and will build up the vulnerable application section with focus on PHP and MySQL.

With the help from Vitor and Harry we increase speed for the next release DVL Strychnine + E605.

Meanwhile I will work this weekend on the DVL magazine prototype. It might happen that we drop the idea of a PDF magazine (hell of work) and move directly to an online magazine with integrated Flash videos (which we still can convert to a real magazine). These contents can be converted to a nice CD format - later.

A warm welcome to Harry!

Translators needed at SecurityDistro.com

Josh Sweeney is in need of people who can help to translate some articles at www.SecurityDistro.com. If you can help out to translate from english to any language get in contact with him via his website!

My blog about Secure Software Engineering

I just have started my second blog with focus on Secure Software Engineering. There I will post frequently information about models, processes, activities and methods on how to integrate the development in the software development lifecycle. Not much yet but visit me at www.Secure-Software-Engineering.com. By the way: this blog will be not very management friendly due my experiences with all these management autists out there…

Damn Vulnerable Magazine - Articles wanted!

As mentioned before I will focus soon on the first prototype of the Damn Vulnerable Magazine. However we need some good articles to fill the real mag. For this I will prepare a CfP (Call for Paper) to make it clear which contents we are looking for. As well we might exclude the videos from the .pdf file and place them separated. A .pdf file with a size between 50 and 150 might be a little big. But let the community decide when the prototype is available. Btw: we are still looking for an editor. If you are good at such things contact me!

DVL Strychnine + E605

What do you get if you mix Strychnine and E605? Some evil poison! Same with the next release of DVL. I just added some more few tools (Boomerang decompiler still makes troubles) and remastered the current DVL. Astonishing 980 MB of size. This is really poison! I had to to replace the JRE with a real JDK. DVL is now more related to IT security AND programming. I have added Free Pascal with Lazarus which has itself some evil size. Removing Lazarus might release 30 MB but what are 30 MB against 1 GB? So we need really to think about this. Shrinking to CD size means we need to drop some parts. Which? KDE? Pentesting folder? I will have some deeper look into DVL again if we can shrink the size to a CD.

We should not forget that DVL is meant to teach people at university security and programming. Adding videos will let explode the next release to something very evil. One resolution might be to go another way. (1) Shrink DVL to something in CD size and (2) to rethink the video concept. One idea is to place the training and videos into the Damn Vulnerable Magazine. Two advantages: (1) DVL size keeps small as training system and (2) we can publish more frequently lessons.

I am currently building the first Damn Vulnerable Magazine as a prototype with videos included. Still have to test if the videos included in PDF are running under Linux.

If we have Web 2.0 (which is bullshit) why shall we not have IT Security 2.0 (which is cool)?

DVL E605 under work…

Damn Vulnerable Linux E605 is now under construction. I plan to release it around October since it shall include videos and they will take some more time. The DVL size exploded now to 1 GB - I am not lucky with such size. So we see how to reduce it. maybe we need to kick KDE, who knows. Overall some few more nice tools are installed including WebGoat, Boost, and FreePascal. With this we should be final with all these tools. The /pentest/ folder has a size of 230 MB size and without KDE we might hit 500 MB less in size. But I don’t want to drop the /pentest/ folder At least the last poll “Does size matters?” said: NO. Keep the size. So OK, we move to 1,5 to 2 GB DVD size.

Thanks to Vitor for providing the WebGoat plugin which I will release soon (oh, btw: it will NOT run under DVL Strychnine which has JRE and not JDK only! I provide a link to a JDK as well)

Videos for Tools

DVL is now (from the tool perspective) 99% final. A huge collection of tools. Do you know how to use these tools? At least I believe we need a hello world for some of the important tools. This can be done as text tutorial or as tiny videos. Producing such tiny video is simple but if we include sound this starts to get time-consuming. Without sound we could integrate community much better since sound requires some good spoken english.

What do you think about this? Would this be useful or useless effort?

Editor at DVL - Magazine 2.0

One of the next steps to support and to extend the DVL project is to have a community magazine. The Damn Vulnerable Magazine is meant as a frequently published high quality magazine containing tutorials, articles, code snippets and - huhu - possible integrated videos. Newest Acrobat by Adobe supports such integrated videos and even the file size might be large(r) this might be worth to experiment with. What I do not understand is why do they convert the videos to QuickTime and not to Flash format?

However I would like to give it a try - imagine a tutorial explaining how to use a tool and you can directly see how to do this with DVL. I will place a prototype soon.

The pin point is that we need at least one editor and two journalists to produce such magazine. If you believe this could be your position in the DVL team contact me. I will add this job at Jobs@DVL as well. Experiences in such topic would be great, at least you should have some feeling for good writings and how to design a mag (tool experience!). Maybe I ask some people from other communities (e.g. Multimedia Design) as well to fill the position as an editor.

Next Page →

• News

  • RECON2008 talk: 64-bit Imports Rebuilding and Unpacking by Sébastien Doucet (IITAC)
    
  • IITAC - Sponsor of the RECON conference! Free IDA Pro training!
    

• Security Labs Blog

  • Microsoft Security Risk Management Guide - Worth a look?
    

• Damn Vulnerable Linux

  • Download DVL Strychnine+e605 1.4
  • Damn Vulnerable Linux Strychnine+E605 1.5 Alpha started
  • Video: How to setup your own language settings in Damn Vulnerable Linux
  • DVL 1.4 - first mirror up!
  • Damn Vulnerable Linux Strychnine+605 1.4 final - Mirrors contacted!

• Upcoming Bootcamps

  • 10 July:
    • BOOTCAMP: Debugging with IDA Pro Bootcamp (9:00 am)
    • BOOTCAMP: Reverse Code Engineering / Binary Analysis Fundamentals Bootcamp (9:00 am)
  • 14 July:
    • BOOTCAMP: Delphi Development Advanced (9:00 am)
  • 17 July:
    • BOOTCAMP: Debugging with IDA Pro Bootcamp (9:00 am)
    • BOOTCAMP: Relational Database Design (9:00 am)
  • 24 July:
    • BOOTCAMP: Reverse Code Engineering / Binary Analysis Advanced Bootcamp (9:00 am)
    • BOOTCAMP: C++ Fundamentals Bootcamp (9:00 am)
  • 7 August:
    • BOOTCAMP: Delphi Development Fundamentals (9:00 am)

• Get in touch

  Get in touch with our sales team! sales@iitac.org

• Get your free copy!

  

• Security Consulting

  IITAC offers additional services such as Secure Software Development, Binary Auditing, Copy Protection, Digital Rights Management, Security Concepts and Security Consulting!

  Scientific Hacking^™

  Go far beyond classical ethical hacking! Instead of using tools only look under the hood, instead of making multiple choice tests only get certified by true practical assessments!

  IDA Pro Training

  Get trained to analyze malware, vulnerability or copy protections with the no. 1 binary analysis tool IDA Pro!

  Cognitive Debugging^™

  The debugging skill of the programmer is probably the biggest factor in the ability to debug a problem, but the difficulty of software debugging varies. Cognitive Debugging^™ trains debugging with respect to brain and mental abilities! Both combined result is most powerful debugging results!

  Action-based Training^™

  IITAC professional bootcamps enhances your qualification. We provide courses, seminars, trainings and workshops in the field of IT Security, Secure Software Engineering and Software Engineering. Online training activities are supported by training videos or live online events.

  Certification acc. ISO 17024

  Get certified according to ISO/IEC 17024 100% online! No need to travel around! Learn whenever you want, where you want! Get certified home exercise like… without time pressure!