* I haven't played with exploit-exercises yet (definitely will when I get some downtime), but I've had a blast solving the challenges at <a href="http://io.smashthestack.org:84" rel="nofollow">http://io.smashthestack.org:84</a>. They are hosted so no need to download VMs. They have a several more here that I haven't played with: <a href="http://smashthestack.org/" rel="nofollow">http://smashthestack.org/</a><p>* I recently came across a computer security course which used CTF virtual machines for an assignment (you can download the VM and see how you do against Tufts University students): <a href="http://www.cs.tufts.edu/comp/116/assignments/a04.php" rel="nofollow">http://www.cs.tufts.edu/comp/116/assignments/a04.php</a><p>* Offensive Security's "Penetration Testing with BackTrack" (PWB) course uses a series of CTF challenges as the final exam.<p>* Any recommendations on any encryption challenges in this style?<p>We are seeing a return to the old guild system of masterpieces as proof of ability and learning aid. I couldn't be happier. I'd love to see a mash up between stackoverflow's gamification and Offensive Security certification/teaching process.
I've never really had much luck with stuff like this.<p>Whenever I have tried to write code in the C to be deliberately vulnerable and have tried to overwrite memory etc it never seems to work in the way I expect.<p>For example I will have two arrays that are contiguous in memory (checking this with gdb) and I will then write a big set of values into one array that should overflow into the other. Then try and do something like print the values that should have been overflowed into but I often find I either get a segfault or that the values that are printed are actually the correct values assigned the the array that should be overwritten.<p>I haven't tried these specific puzzles with the VMs though. I always do -fno-stack-protector when compiling but I don't know if there is some other security mechanism that could be stopping it from working?
This looks awesome. I've taken a large interest in security over the last couple years and am always looking for ways to increase my knowledge in this space (FWIW, the Stanford crypto course has been great so far). This will be a good follow-on to that.