Hacker News
Exploit Exercises (exploit-exercises.com)
245 points by luu on March 28, 2015 | 24 comments



If you like this, try Insecure Programming by example [1].

[1] http://community.coresecurity.com/~gera/InsecureProgramming/




Can you please put the download link on some other service that supports download resumes (or possibly a torrent)? Google Drive does not seem to support resume, and restarting leads to starting from byte 1. And this is because, from where I am based, 451MB in a straight download is not a sane proposition without resume support.


Another one for all you keen folk: https://pentesterlab.com/exercises/

I've personally found them great as introductions for web-pentesting


Instructions on how to make the vagrant box: https://gitlab.com/mjwhitta/drifter/blob/master/docs/iso_onl....

Or use the ones he's already made until he gets told to take them down: https://atlas.hashicorp.com/mjwhitta


Perhaps a bit of a noob question: How would you go about running these virtual machines on OSX? Or should I just be using Linux?

Edit: The answer, apparently, is VirtualBox (https://www.virtualbox.org/wiki/Downloads)

You need to create a box without a hard drive. When you start the box you created, it will ask you for a disk image, then you can select the disk image from exploit exercises.


Can anyone suggest good books on this topic? With examples, and explanations of why, how, etc.


Related to selleck's answer, I enjoy the lecturer in these FSU course videos:

https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/le...

The (minimum) reading list for that class is "Hacking" as well as "The Web Application Hacker's Handbook".


Awesome! I did not realize 2014 was posted. I was planning on going through 2013:

http://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.ht...

In April. The texts for that class are "Hacking" and "Counter Hack Reloaded"


Hacking: The Art of Exploitation would be a good place to start.


Excellent, thank you very much for sharing this!


This is awesome!


Even for those who know the subject matter, building these VMs as demonstration is a long and difficult process - this is awesome not least because it's a huge amount of work by someone. :)

Having seen this I'm tempted to go build Vagrant boxes for these, so they can be updated and forked more easily.

Unfortunately these don't appear to be licensed, so unless they're declared open by the author, it'll require starting from scratch.


Why not build and then wait for DMCA? If not, then it's OK to continue.


Not a bad idea actually.

Although I'd presumably have to be sure that the author is in the USA - or perhaps myself? (I'm in the UK, for reference)

The domain is WhoisGuard protected either way, so it's hard to be sure.


From the one blog post about RuxCon, I'd say the author is in Australia. Might be worth contacting them via https://ruxcon.org.au/contact-us/ as the person who made these had something to do with the CTF in 2012.


Thanks! I'll try that.


A guy I work with already did this.

Instructions on how to make the vagrant box: https://gitlab.com/mjwhitta/drifter/blob/master/docs/iso_onl...

Or use the ones he's already made until he gets told to take them down: https://atlas.hashicorp.com/mjwhitta


WOW Thank You! Very useful indeed.


Where would you go after you've completed these exercises?


Start exploiting bugs in real software.


Could you do it after you go through these exercises?


Definitely, after you complete Nebula, Protostar and Fusion (in this order) you should be able to write exploits for real bugs.



