The DC challenges are a series of purposely vulnerable labs for the purpose of gaining experience in the world of penetration testing.

I started creating these vulnerable VMs so that beginners (people like me) can get an idea of what is involved with trying to break into a system (legally).

When I started doing these kind of challenges late last year, I found that quite a few were more like puzzles. While they were fun, I was also a bit disappointed as I wanted to find some challenges that were more...realistic. That isn't to say that they were bad or not challenging, but I did get a bit tired of seeing the same things over and over again.

So, with that in mind, you won't see:

• Any flags that have been base64 encoded
• Any brainfuck encoded flags
• Any "secret" text hidden in images (steganography)

While DC-1 and DC-2 both have hints/clues as flags, from DC-3 onwards, there are no clues, just one flag that can be obtained with root privileges (directly, or indirectly).

There are 9 DC releases in total, all of which were released in 2019.

While the DC series has come to an official end after the release of DC-9, I have created a new series called Five86.

I hope you enjoy the challenges as much as I enjoyed creating them.