Friday, July 25, 2008

De-ice.net pentesting live CD's

I have always admired the skills of people who are really good at penetration testing. Trying to gain access to a machine through not-so-obvious ways is something that requires a high degree of technical knowledge, proficiency with tools and a good dose of creativity. I have never been in a situation where I was commissioned to pentest a box myself, but I've dabbled enough with it lately.

My first exposure to it came when I took the SANS 504 course on Hacker Techniques, Exploits and Incident Handling. The class ends with a capture-the-flag session that I enjoyed a lot.

Since then, I've been keeping an eye open for some other challenges, and I found one at The Last HOPE. One of the speakers mentioned that www.de-ice.net hosts some bootable CD images that are used to teach people pentesting skills. They author of the CD's did a nice job and grouped them in different levels of difficulty. The de-ice CD's are designed to be breakable with the tools included on the Backtrack Live CD.

After downloading the images, I was hooked.
Unfortunately there are only three CD's out at the moment, but I am proud to say that I managed to win all three challenges. I also admit that I needed some help getting the last one; I was unfamiliar with one of the tools used and needed a little hint. With that last hint, I was able to solve the third and final challenge.
If you're into pentesting, or if you would like to get started, I wholeheartedly recommend taking a look at www.de-ice.net. While all the hackable images are Linux-based (due to licensing), they are very informative and fun to do. Don't bang your brains too hard; they progressively get more difficult!

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.