If you can't exploit it, you can't secure it. I don't know if that quote has been said before, but if you are deeply interested about computer security or ethical hacking, that should be your main mantra. To fully learn how to secure a computer program, you must know how to break it and find vulnerabilities. In relation to this, there is a unique Linux distribution that is primarily created to help teach you about software security, its name is Damn Vulnerable Linux (DVL).
Damn Vulnerable Linux is a Slackware-based distro that is intentionally loaded with broken, ill-configured, outdated, and exploitable software for educational purposes. It is a 1.8GB live DVD that features easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons. It also includes a good number of tools to help users compile, debug, and break applications running on these services such as GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, etc. You can install Damn Vulnerable Linux natively on a PC, boot it from a USB flash drive, or install it using any virtualization software.Perhaps the world's most insecure operating system (way worse than Windows), DVL will help harness your skills in reverse code engineering, buffer overflows, shellcode development, Web exploitation, SQL injection, and more. Thorsten Schneider of the International Institute for Training, Assessment, and Certification (IITAC) and Secure Software Engineering (S²e) originally created DVL as a training system used during his university lectures.
According to Schneider, the sole aim of DVL is to give users as many security tools and training options as possible. It is developed by people with remarkable black hat backgrounds, which include contributions from community members of ReverseEngineering.net and Crackmes.de. DVL provides vast amount of tutorials and break-in exercises that may contain solutions and exploits.
The tutorials are divided into three parts. The first part is all about binary exploitation, buffer overflows, format string vulnerabilities, or shellcodes. The next portion is about Web exploitation like SQL injection, path retrieval, and Web site insecurity. The last part includes reverse code engineering and copy protection analysis.
Damn Vulnerable Linux is continuously updated with more tools, training material and lessons. The author also has plans to extend DVL into a hacking wargame. Now that sounds exciting. If you are into hacking or if you simply want to learn more about computer security, then you should include DVL in your armory of hacking tools.
"If you can't exploit it, you can't secure it."
ReplyDeleteAs nonsensical as "Information wants to be free."
@anonymous, I think he /really/ means if *you* can't exploit it, *you* can't secure it. I don't think he means what I think you think he means, that is, if *it* can't be exploited, *it* can't be secured...
ReplyDeleteI agree...
I can't exploit many things, so i won't even bother trying to secure them. I'll leave that to the experts.
@Willem, thanks for clarifying that to @Anonymous.
ReplyDeleteThanks for the info, definitly will try and use this to refresh myself. I pretty much forgot everything i learned in intro to network security, which i took about 6 months ago lol.
ReplyDelete