Damn Vulnerable Linux, headed by Thorsten Schneider, based on Damn Small Linux, aims to deliver the Operating System in such a way that it allows Security Students first hand insight and hands on experience with Security issues within GNU/Linux in order to teach them protection and mitigation techniques The project's website describes the distribution as 'the most vulnerable, exploitable Operating System ever' and it's true, the developers have ensured that it contains outdated, ill-configured, flawed code and contains GNU/Linux 2.4 Kernel which is known to have many exploitable avenues in itself.Hi vọng Damn Vulnerable Linux sẽ trở thành một công cụ hỗ trợ đắc lực cho những ai muốn tìm hiểu về buffer overflow và disassembly:
Security is a wide topic and security issues can arise from almost everywhere. Schneider says the tutorials are split into three parts. "The first is about binary exploitation, buffer overflows, format string vulnerabilities, or shellcodes. The second is about Web exploitation such as SQL injection, path retrieval, and Web site insecurity. The third part is about reverse code engineering and copy protection analysis and teaches how vulnerable copy protections are in reality."
"The one thing that sets DVL apart the most," Sweeney says, "is the focus on buffer overflows and disassembly." Disassembly, he says, is often talked about in conjunction with buffer overflows and reverse engineering. "Disassembling is when someone breaks down a program into the assembly language for further analysis. By doing this, users can analyze code at a very low level and look for security issues. There have been many excellent papers on the subject over the years, but these generally don't come with learning tools in a self-contained, easy-to-use environment."