OffSec RSS Feed

Shadow AI: How Unsanctioned Tools Create Invisible Risk

Wed, 01 Apr 2026 13:17:18 GMT

Over 80% of workers use unapproved AI tools. Learn how shadow AI creates hidden attack surface and what security teams can do to detect and address it.

OffSec and Deloitte Portugal Announces Strategic Partnership

Mon, 30 Mar 2026 11:27:01 GMT

Announcing a strategic partnership with Deloitte Portugal to help organizations strengthen the technical capabilities of their security teams.

8 Ways to Stay Motivated During Exam Prep

Mon, 16 Mar 2026 17:14:13 GMT

Preparing for an OffSec certification exam is a technical and psychological journey. Here are some expert strategies to help during your OffSec exam prep!

OSCP to OSAI: How Offensive Security Practitioners Can Pivot Into AI Security

Fri, 13 Mar 2026 18:16:24 GMT

OSCP holders already have the adversarial mindset AI red teaming demands. Learn what transfers, what’s new, and how to close the gap from OSCP to OSAI efficiently.

The AI Security Skills Gap: What It Is, Where It Exists, and How to Close It

Tue, 10 Mar 2026 21:31:34 GMT

The AI security skills gap threatens enterprise AI investments. Learn where skills gaps exist across security teams and how hands-on training closes them.

Careers in Offensive AI Security: Roles, Skills, and Pathways

Fri, 27 Feb 2026 13:52:35 GMT

At OffSec, we are building OSAI, our offensive AI security certification, to help practitioners extend adversary-driven methodology into AI-enabled environments already entering production. That initiative reflects a broader shift happening across the industry. As AI-enabled features move into production systems, customer platforms, and internal operations, organizations are recognizing that these capabilities expand the attack surface

Building an AI-Ready Cybersecurity Team

Tue, 17 Feb 2026 18:14:16 GMT

A practical framework for security leaders to build AI-ready teams. Learn to assess capabilities, prioritize training, and balance AI with foundational skills.

The Skills That Will Matter for Offensive AI Security in 2026

Fri, 13 Feb 2026 13:00:14 GMT

Before tools, before frameworks, before hype, offensive security has always been about one thing: Thinking like an attacker. That foundation now defines the offensive AI security skills practitioners will need as AI reshapes the attack surface. AI systems introduce new behaviors and new failure modes, but the core mindset remains the same: understand how a

Defending Against AI-Powered Cyber Attacks: Why Your Blue Team Needs New Skills

Wed, 04 Feb 2026 16:00:21 GMT

AI-powered cyber attacks are outpacing traditional defenses. Learn the four key threat categories and the new skills blue teams need to defend against them.

CVE-2026-24061 – GNU InetUtils telnetd Authentication Bypass Vulnerability

Fri, 30 Jan 2026 16:15:44 GMT

CVE-2026-24061 enables unauthenticated attackers to exploit GNU telnetd and gain immediate root shells over the network.

Thinking Like an Attacker: How Attackers Target AI Systems

Wed, 14 Jan 2026 14:04:52 GMT

In September 2025, security researchers at Anthropic uncovered something unprecedented: an AI-orchestrated espionage campaign where attackers used Claude to perform 80–90% of a sophisticated hacking operation. The AI handled everything from reconnaissance to payload development, demonstrating that artificial intelligence has fundamentally changed the threat landscape, not just as a tool for defenders, but as both

Offensive Security in the Age of AI: Red Teaming LLM

Fri, 09 Jan 2026 17:09:19 GMT

LLMs change how red teams test applications. Explore OffSec’s LLM Red Teaming Learning Path and build practical AI testing skills.

How OffSec Maps Cybersecurity Training to Industry Frameworks

Fri, 09 Jan 2026 16:46:59 GMT

How MITRE ATT&CK, D3FEND, and NICE/NIST frameworks help connect hands-on cybersecurity training to real-world work.

Closing Out 2025 with Gratitude (and Momentum)

Fri, 19 Dec 2025 11:21:26 GMT

To the OffSec community, As 2025 comes to a close, we want to pause and say thank you. Whether you trained with us, earned a certification, hired through our platform, or cheered others on from the sidelines, you helped make this year one of our most meaningful yet. This year, we focused on one goal:

6 Benefits of a Fully Certified Cybersecurity Team

Tue, 16 Dec 2025 15:40:17 GMT

Discover 6 key benefits of a fully certified cybersecurity team, from faster onboarding to confident hiring. Learn how unified training drives performance.

Blue Team vs Red Team: Should Defenders Learn Offensive Skills?

Tue, 16 Dec 2025 15:34:28 GMT

Discover why blue team defenders benefit from red team skills. Learn how offensive knowledge improves detection, incident response, and career growth.

How Will AI Affect Cybersecurity?

Tue, 09 Dec 2025 13:36:56 GMT

As organizations deploy AI tools to improve detection accuracy, streamline investigations, and strengthen defenses, threat actors are leveraging the same technologies to develop more efficient and adaptive attack methods. This article outlines the current and emerging roles of AI in cybersecurity, including its defensive applications, its misuse by attackers, and the new attack surfaces it

How to Gain Experience in Cybersecurity

Tue, 09 Dec 2025 13:32:24 GMT

Developing meaningful experience in the cybersecurity field is a common challenge for professionals who have already entered the industry and want to advance their cybersecurity skills. As roles become more technical and responsibilities broaden, it becomes clear that foundational exposure alone is not enough. Employers expect practitioners to demonstrate practical capability, sound judgment, and the

CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization

Fri, 05 Dec 2025 17:34:41 GMT

React Server Components promise less client-side JavaScript, but that convenience can hide serious risk. Learn how CVE-2025-55182 (CVSS 10.0) enables critical RCE in the RSC ecosystem, why it happened, and how the public exploit works against React’s server-side handling.

Why Enterprises Are Moving from Generic Cyber Training to Cyber Ranges

Wed, 05 Nov 2025 15:52:20 GMT

Transform enterprise cyber training with realistic cyber ranges. Move beyond generic courses to hands-on attack simulations in production-like environments.

Unauthenticated Remote Code Execution Vulnerability in WSUS Service

Mon, 03 Nov 2025 16:50:23 GMT

CVE-2025-59287 exposes a critical WSUS deserialization flaw enabling unauthenticated remote code execution via unsafe AuthorizationCookie handling. Learn the risks and fixes.

Save 20% on OffSec’s Learn One!

Thu, 30 Oct 2025 13:03:34 GMT

Get 20% off Learn One with labs, exams, and certifications. Act fast! Discount will be gone in a flash.

From Failure to 100: How Akas Earned His OSCP+

Fri, 24 Oct 2025 11:08:32 GMT

In this guide, we’re sharing an inspiring story from one of our OSCP+ Certified Holders who embodies the journey of Try Harder. We’d like to introduce you to Akas Wisnu Aji (justakazh), a Cyber Security Consultant from Indonesia, who became certified in May 2025 after overcoming two failed attempts. Instead of giving up, Akas chose

OSCP vs. OSWE: Which Certification Fits Your Career Goals?

Wed, 22 Oct 2025 14:48:09 GMT

OSCP vs OSWE: find out which OffSec certification suits you best! Build pen testing expertise or master advanced web exploit development.

Recent Vulnerabilities in Redis Server’s Lua Scripting Engine

Mon, 20 Oct 2025 14:21:20 GMT

Discover multiple Redis CVEs, including the critical CVE-2025-49844 — a 13-year-old use-after-free vulnerability in the Lua parser that can allow remote code execution and server crashes.

The Complete Guide to Preparing for Your First OffSec Certification

Tue, 14 Oct 2025 10:34:04 GMT

Prepare for your first OffSec certification with our comprehensive guide. Learn exam structure, costs, technical requirements, and proven study strategies.

Red Teaming vs Pentesting: What’s the Difference?

Thu, 18 Sep 2025 17:02:38 GMT

Discover the differences between red teaming and penetration testing. Learn when to use each approach and how they strengthen your security posture.

How to Prevent Prompt Injection

Thu, 18 Sep 2025 17:02:14 GMT

Discover 5 strategies to prevent prompt injection in LLMs. Protect your AI systems against malicious inputs with expert security strategies from OffSec.

What Is Ethical Hacking?

Thu, 18 Sep 2025 17:02:02 GMT

Learn what ethical hacking is, how it differs from malicious hacking, and why it’s crucial for cybersecurity. Explore tools, certifications, and career paths.

Red Team Exercise

Thu, 18 Sep 2025 16:58:33 GMT

Learn how red team exercises simulate real cyberattacks to test defenses. Discover benefits, implementation steps, and how to strengthen your security posture.

Best Cybersecurity Certifications for Beginners

Thu, 18 Sep 2025 16:52:30 GMT

Discover the best entry-level cybersecurity certifications in 2025. Compare costs, career paths, and earning potential for security certifications from OffSec.

5 Signs You’re Ready for a Career in Cybersecurity

Tue, 09 Sep 2025 14:49:43 GMT

Cybersecurity is one of the most exciting and impactful fields in technology. It offers the chance to solve complex problems, protect critical systems, and make a real difference in how the world stays connected and secure. Every day brings new challenges to explore and new skills to master, making it a career path for those

9 OSCP Study Tips to Help You Succeed

Wed, 20 Aug 2025 14:16:56 GMT

We’ve gathered some of the best OSCP study tips from the community and compiled them into one place to help prepare you for your upcoming exam!

CVE-2025-29891 – Apache Camel Exploit via CAmelExecCommandArgs Header Injection

Fri, 08 Aug 2025 13:08:38 GMT

Discover how CVE-2025-29891 impacts Apache Camel via CAmelExecCommandArgs header injection. Learn how attackers exploit this misconfiguration for remote code execution and how to secure your systems.

CVE-2025-30208 – Vite Arbitrary File Read via @fs Path Traversal Bypass

Thu, 31 Jul 2025 16:51:27 GMT

Discover CVE-2025-30208, a critical arbitrary file read vulnerability in the Vite development server. Learn how remote attackers exploit @fs URL handling to access sensitive files.

Get Noticed: 5 Cybersecurity Job Hunt Tips

Thu, 31 Jul 2025 16:51:16 GMT

If you’ve already set your heart on your chosen career path, you might understand that getting noticed by the right employer isn’t always straightforward. When we speak with OffSec learners, many will say that getting the first job is the hardest part. Some candidates will spend 6–12 months job-hunting, applying to hundreds of roles with

Talent Finder: The Smarter Way to Hire and Get Hired

Thu, 31 Jul 2025 13:26:41 GMT

Talent Finder connects certified cybersecurity professionals with companies that value proven skill. It’s a smarter way to hire and get hired.

CVE-2025-27136 – LocalS3 CreateBucketConfiguration Endpoint XXE Injection

Thu, 24 Jul 2025 13:51:37 GMT

Discover how CVE-2025-27136, a critical XXE vulnerability in LocalS3’s CreateBucketConfiguration endpoint, can be exploited to access sensitive files. Learn how the flaw works and how to mitigate it.

How OffSec Certifications Help You Hire With Confidence

Mon, 21 Jul 2025 23:34:07 GMT

Hire cyber talent with confidence: OffSec certifications prove candidates can perform under pressure, not just talk the talk.

CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability

Thu, 17 Jul 2025 16:52:29 GMT

CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.

What is Phishing? Introduction to Phishing Demo (for Beginners)

Tue, 15 Jul 2025 18:36:51 GMT

Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.

CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass

Thu, 10 Jul 2025 15:27:32 GMT

Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.

CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection

Thu, 03 Jul 2025 14:57:12 GMT

Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.

CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php

Thu, 26 Jun 2025 15:14:28 GMT

Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.

What It Really Means to “Try Harder”

Mon, 23 Jun 2025 14:09:10 GMT

Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage

Wed, 18 Jun 2025 14:01:57 GMT

CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.

CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence

Thu, 12 Jun 2025 16:14:44 GMT

Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros.

CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization

Thu, 12 Jun 2025 16:14:26 GMT

A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (<1.5.10, 1.6.0–1.6.10) allows authenticated users to exploit a PHP deserialization flaw. Learn how it works and how to protect your systems.

CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro

Thu, 05 Jun 2025 15:39:58 GMT

An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.

OffSec’s Take on the Global Generative AI Adoption Index

Fri, 30 May 2025 14:17:10 GMT

Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.

CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters

Thu, 29 May 2025 15:15:15 GMT

A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.

Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience

Wed, 28 May 2025 12:49:59 GMT

A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.

CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE

Thu, 22 May 2025 16:01:50 GMT

A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Thu, 15 May 2025 15:41:41 GMT

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

Thu, 08 May 2025 16:57:08 GMT

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

CVE-2025-29927: Next.js Middleware Authorization Bypass

Thu, 01 May 2025 17:14:45 GMT

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

When AI Becomes the Weak Link: Rethinking Supply Chain Security

Wed, 30 Apr 2025 16:39:02 GMT

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Wed, 23 Apr 2025 14:54:19 GMT

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Thu, 17 Apr 2025 18:30:07 GMT

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Fri, 11 Apr 2025 14:57:19 GMT

Champion OSCP training in your organization to build a unified, resilient security team.

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

Thu, 10 Apr 2025 14:44:46 GMT

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

AI Penetration Testing: How to Secure LLM Systems

Thu, 03 Apr 2025 12:36:06 GMT

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Wed, 26 Mar 2025 17:54:27 GMT

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Learn Secure Java Development with OffSec’s New Course

Tue, 18 Mar 2025 15:19:39 GMT

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Creating an Inclusive Cybersecurity Culture

Mon, 17 Mar 2025 18:39:58 GMT

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

PostgreSQL Exploit

Wed, 12 Mar 2025 19:20:12 GMT

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Empowering Women in Cybersecurity: How Education and Training Are Key

Fri, 28 Feb 2025 17:32:19 GMT

While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.

Women in Cybersecurity Leadership: Inspiring Role Models at the Top

Mon, 24 Feb 2025 14:09:37 GMT

Celebrate Women’s History Month by recognizing the women shaping cybersecurity and driving innovation in the industry.

Addressing the Unique Cybersecurity Challenges Faced by Government Agencies

Wed, 12 Feb 2025 14:07:34 GMT

Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.

Building a Cyber-Resilient Public Sector Through Hands-on Security Training

Wed, 05 Feb 2025 19:49:38 GMT

Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security training.

CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability

Mon, 03 Feb 2025 18:12:48 GMT

Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.

My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)

Fri, 24 Jan 2025 17:01:40 GMT

Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.

A Student Mentor’s TH-200 and OSTH Learning Experience

Fri, 24 Jan 2025 16:57:09 GMT

Explore the TH-200 course & OSTH exam with an OffSec Mentor’s insights on mastering threat hunting skills.

OffSec Yearly Recap 2024

Mon, 23 Dec 2024 19:06:27 GMT

Join us as we explore all our successes in 2024, including exciting new content, courses, and so much more!

Red Team vs Blue Team in Cybersecurity

Fri, 13 Dec 2024 22:26:12 GMT

Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.

Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development

Fri, 13 Dec 2024 22:24:03 GMT

Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.

How to Become the Company Top Cyber Talent Wants to Join

Wed, 04 Dec 2024 15:13:57 GMT

Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.

Evolve APAC 2024: Key Insights

Thu, 21 Nov 2024 15:41:24 GMT

Discover key insights from Evolve APAC 2024 on building skills, career growth, and tackling cybersecurity challenges with expert advice.

How to Use Assessments for a Skills Gap Analysis

Tue, 19 Nov 2024 16:27:11 GMT

Discover how OffSec’s Learning Paths help organizations perform skills gap analyses, validate expertise, and strengthen cybersecurity teams.

The Human Side of Incident Response

Fri, 08 Nov 2024 17:50:10 GMT

Effective incident response requires decision-making, adaptability, collaboration, stress management, and a commitment to continuous learning.

Master Incident Response with Hands-On Training in IR-200: Foundational Incident Response

Tue, 29 Oct 2024 14:12:09 GMT

OffSec is excited to announce the immediate availability of a new course: IR-200: Foundational Incident Response.

Beyond the Resume: Effective Techniques for Qualifying Top Cybersecurity Talent

Thu, 24 Oct 2024 16:51:42 GMT

Building a cybersecurity team takes more than resumes. Discover effective techniques to identify top talent ready to tackle today’s cyber threats.

How to Upskill and Fill Cybersecurity Skill Gaps on Your Team With Custom Learning Paths

Thu, 24 Oct 2024 16:17:24 GMT

Learn how to upskill your team with tailored learning paths, ensuring relevant, actionable training for real-world challenges.

What is Incident Response?

Mon, 21 Oct 2024 15:23:41 GMT

Learn what incident response is, why it’s crucial, the steps involved, and how to build a team to effectively manage cybersecurity incidents.

How to Attract Top Cybersecurity Talent

Tue, 15 Oct 2024 17:51:23 GMT

Attract top cybersecurity talent by defining your value, supporting growth with education, fostering a positive culture, and offering flexibility.

What is Threat Intelligence?

Fri, 27 Sep 2024 14:49:19 GMT

This article explores threat intelligence, its purpose, types, and how organizations can leverage it to enhance cybersecurity.

Mental Toughness in Cybersecurity: Preparing Teams for High-Pressure Situations

Fri, 20 Sep 2024 12:38:47 GMT

Mental toughness helps cybersecurity teams improve decision-making, collaboration, and resilience, enabling them to perform under constant pressure.

The Role of Leadership in Cultivating a Resilient Cybersecurity Team

Fri, 13 Sep 2024 18:17:26 GMT

Learn about the role that leadership plays in cultivating a resilient cybersecurity team.

Navigating the Leap: My Journey from Software Engineering to Offensive Security

Fri, 13 Sep 2024 13:44:42 GMT

A software engineer’s journey into offensive security, sharing insights and tips for transitioning careers and thriving in the infosec field.

Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)

Mon, 09 Sep 2024 20:29:25 GMT

Everything you need to know about OffSec’s new course and certification – TH:200 – Foundational Threat Hunting.

Building Cyber Resilience: How Continuous Training Fortifies Organizational Security

Mon, 09 Sep 2024 20:24:31 GMT

Explore how continuous cybersecurity training helps organizations fight cyber threats and become and remain resilient.

Key Takeaways from the Fortinet Skills Gap Report: Why Cybersecurity Training is Crucial for Mitigating Cyber Risk

Fri, 06 Sep 2024 17:08:34 GMT

The Fortinet 2024 Skills Gap report shines a light on critical issues that plague the cybersecurity industry. Here are our main takeaways.

Top 5 Best Talks from Black Hat USA 2024

Fri, 06 Sep 2024 17:02:10 GMT

The OffSec team was at the Black Hat USA 2024 conference and we are excited to share our top 5 favorite talks.

Everything you need to know about the OSCP+

Wed, 04 Sep 2024 16:38:58 GMT

We’re sharing all of the important information related to the OSCP+ so you can know what this means for past, current and future learners.

What is Threat Hunting?

Tue, 03 Sep 2024 15:51:31 GMT

Learn about what is threat hunting, the techniques, tools, how to get started in threat hunting and its importance for organizations

Key Strategies for Building Cyber Workforce Resilience

Thu, 29 Aug 2024 15:25:43 GMT

Discover the key strategies for building a cyber-resilient workforce to strengthen your organization’s cybersecurity defenses.

Overcoming Challenges in Defensive Cybersecurity Teams with an Offensive Mindset

Tue, 27 Aug 2024 16:53:37 GMT

Learn how OffSec empowers defensive cybersecurity teams to adopt an offensive mindset and overcoming their challenges.

# OffSec 500 – Community Update 1

Fri, 23 Aug 2024 19:53:26 GMT

OffSec 500 participants are making huge strides! Check out the leaderboard and read Tristram’s inspiring weight loss story.

Post-quantum Cryptography in 2024

Thu, 22 Aug 2024 11:41:22 GMT

Explore post-quantum cryptography’s rise in 2024 and how new standards prepare us for future quantum attacks, ensuring secure data.

Strengthening Your Cyber Defenses: The Critical Role of Defensive Training

Tue, 20 Aug 2024 15:15:46 GMT

Learn all about defensive cybersecurity and how OffSec’s programs empower professionals to build strong defenses.

Education Sector Common Breaches and Cyber Threats

Thu, 08 Aug 2024 19:05:42 GMT

Learn about the most common threats and biggest data breaches for the educational sector.

How to Become a Cybersecurity Engineer

Thu, 08 Aug 2024 18:57:21 GMT

Learn how to become a cybersecurity engineer, including the educational paths to follow, the crucial skills and certifications needed, and more.

Top Technology Sector Breaches and Threats

Mon, 05 Aug 2024 17:40:22 GMT

Discover the top 5 cyber threats targeting tech companies, learn from major data breaches, and explore how OffSec’s cybersecurity training can equip you to defend against evolving attacks. Safeguard your organization’s future.

What Is Cloud Penetration Testing?

Wed, 31 Jul 2024 15:12:18 GMT

Learn all about cloud penetration testing, common methods and tools, as well as the benefits and best practices.

Unleash Your Skills at OffSec’s Versus Tournament

Wed, 17 Jul 2024 13:58:06 GMT

Visit OffSec at our booth at Black Hat USA and sign up for the free Versus Tournament to test your mettle and win awesome prizes!

How to Get Into Cybersecurity: A Beginner’s Roadmap

Tue, 16 Jul 2024 16:13:49 GMT

Learn how to get into cybersecurity with our step-by-step guide to ensure a successful career.

Top Government Breaches and Threats

Tue, 16 Jul 2024 14:18:53 GMT

Explore major government breaches, common cyber threats, and how advanced cybersecurity training enhances resilience, mitigates damage, and protects critical services.

RegreSSHion exploit, CVE-2024-6387: A Write-Up

Mon, 08 Jul 2024 17:16:07 GMT

In this blog post, we will be explaining the new RegreSSHion exploit, CVE-2024-6387 and how it works.

Why Training IT Teams in Security is Essential for Every Business

Wed, 03 Jul 2024 18:25:33 GMT

Cybersecurity training for IT teams can bring many benefits to organizations of all sizes. Get the full scoop.

The 5 Biggest Cyber Threats for Financial Services

Tue, 02 Jul 2024 18:36:00 GMT

Financial institutions face a rising tide of cyber threats. This article examines the biggest cybersecurity risks, the financial fallout of breaches, and how OffSec’s training can equip you to defend your organization.

Best Cybersecurity Certifications in 2025

Mon, 01 Jul 2024 18:08:25 GMT

Learn about the best cybersecurity certifications you can find on the market to kickstart or advance your career in the field.

OffSec’s User-Generated Content

Mon, 01 Jul 2024 13:05:51 GMT

Learn about OffSec’s UGC program. Submit your machines, earn bounties, and be part of a global community.

What are the most common cyber threats in healthcare?

Fri, 28 Jun 2024 16:39:19 GMT

Learn about the most common cyber threats for the healthcare industry as well as the largest data breaches.

Launching New Vulnerable Machines in OCR

Thu, 27 Jun 2024 16:01:39 GMT

Learn about the new vulnerable machines we have added to OCR.

Kickstart Your Cybersecurity Career with OffSec’s SEC-100: CyberCore – Security Essentials

Mon, 24 Jun 2024 15:02:57 GMT

We’re thrilled to announce the immediate availability of our new course and certification SEC-100: CyberCore – Security Essentials!

Elevating Your Learning Experience: OffSec’s Latest Updates

Thu, 20 Jun 2024 12:21:03 GMT

Learn about the latest updates from OffSec – from new learner dashboard, to skill pins and custom learning – find all of the details here!

How OffSec is Leveraging AI to Enrich Your Learner Journey

Wed, 05 Jun 2024 15:35:37 GMT

We are thrilled to introduce a range of new features that utilize Artificial Intelligence to transform the cybersecurity learning landscape.

Emotional Intelligence in Cybersecurity

Thu, 30 May 2024 13:58:06 GMT

Discover the importance of emotional intelligence in cybersecurity and learn to navigate emotions for enhanced security protocols.

Infrastructure Hardening and Proactive Defense: The System Administrator’s Toolkit

Tue, 14 May 2024 14:12:27 GMT

Secure your Unix, Windows, & Web environments. OffSec’s hands-on training empowers system admins to combat cyber threats.

Cybersecurity Training and Cyber Insurance: Bridging the Gap with Continuous Improvement

Thu, 09 May 2024 18:56:36 GMT

Discover how crucial continuous and relevant training is for avoiding cyber threats and lowering cyber insurance premiums.

Continuing to support cybersecurity teams with Award winning & innovative training in April

Mon, 06 May 2024 16:04:04 GMT

Announcing new award willing continuous learning opportunities for cybersecurity professionals from OffSec.

AMSI Write Raid Bypass Vulnerability

Fri, 03 May 2024 19:38:33 GMT

In this blog post, we’ll introduce a new bypass technique designed to bypass AMSI without the VirtualProtect API and without changing memory protection.

How Cybersecurity Training Lowers Insurance Premiums

Wed, 01 May 2024 21:13:38 GMT

Discover the essential cybersecurity training elements that insurers look for and how to build a winning program.

Infrastructure Automation and Defense: Introducing DevSecOps Essentials

Tue, 23 Apr 2024 13:40:09 GMT

Accelerate your DevOps journey with OffSec. Build secure, scalable, and efficient software delivery pipelines through real-world training.

The Role of Cybersecurity Training in Compliance

Mon, 22 Apr 2024 14:01:11 GMT

Learn about the role of cybersecurity training in compliance. Discover how OffSec’s training can contribute to a strong compliance posture.

What is Cybersecurity Compliance? The Ultimate Guide

Tue, 16 Apr 2024 16:30:45 GMT

Learn about the importance of cybersecurity compliance, the most common cybersecurity compliance frameworks and how to ensure your organization is compliant.

Proactive Threat Detection: Introducing Threat Hunting Essentials

Tue, 16 Apr 2024 16:18:18 GMT

Outsmart evolving cyber threats with Threat Hunting Essentials. This hands-on training path builds expertise in threat actor analysis, advanced hunting techniques, and data analysis.

The Race Against the Hackers: How the OffSec Cyber Ranges Keep You Ahead

Mon, 15 Apr 2024 18:52:48 GMT

Stay ahead of hackers! OffSec Cyber Ranges train your team on the latest exploits for a proactive, adaptable defense.

Communication Skills in Cybersecurity

Fri, 12 Apr 2024 17:09:58 GMT

Learn about the importance of clear and effective communication skills in cybersecurity.

Behind Enemy Lines: Understanding the Threat of the XZ Backdoor

Tue, 09 Apr 2024 17:05:45 GMT

The following is an excerpt from our new module on the recent XZ Utils backdoor, CVE-2024-3094. On Mar 29, 2024, at 12:00PM ET, Andres Freund posted on the Openwall mailing list about a backdoor he discovered in the XZ Utils package. The backdoor targeted the OpenSSH binary, allowing remote code execution on impacted machines.

OffSec Versus: Revolutionizing Cybersecurity Training Through Live-Fire Collaboration

Tue, 09 Apr 2024 16:21:10 GMT

Did you know that 95% of cybersecurity breaches are caused by human error? Traditional training methods often fail to address this critical factor, leaving organizations exposed. OffSec Versus, part of the Enterprise Cyber Range, is designed to change that. It’s a live-fire training environment where your Red and Blue teams learn by doing, battling head-to-head,

Soft Skills for Cybersecurity Leaders: CISO’s Perspective

Wed, 03 Apr 2024 16:40:21 GMT

The emphasis on technical skills and knowledge in cybersecurity has always been present. However, as the field becomes increasingly complex and intertwined with every facet of business operations, the spotlight has shifted to the indispensable role soft skills hold in cybersecurity leadership. This perspective was the focal point of our recent webinar, led by Thereasa

Transform Your Cybersecurity Training with OffSec’s Cyber Ranges

Mon, 01 Apr 2024 17:56:02 GMT

In 2024, the cybersecurity landscape is bleak, with 62% of organizations acknowledging a pressing need for enhanced cybersecurity skills amidst growing digital threats. This statistic underscores the urgent demand for comprehensive training in modern cybersecurity practices. In response to this critical need, OffSec is introducing a new suite of Cyber Ranges. OffSec’s Cyber Ranges –

Importance of report writing for pen testers

Mon, 01 Apr 2024 14:22:28 GMT

Pentesters are well known for their technical skill sets, they simulate cyber attacks on computer systems, networks, or applications in a controlled environment. And, their primary goal is to identify vulnerabilities and weaknesses to assess the security posture of a target system. Much of the work they do is technical in nature, but in order

The Cybersecurity Skills Gap: Time to Step Up with OffSec’s Red Teaming and IoT Learning Paths

Tue, 26 Mar 2024 17:08:16 GMT

The cybersecurity landscape is indeed challenged by a significant skills gap, with reports highlighting the critical shortage of professionals equipped to handle escalating cyber threats. The 2023 Global Cybersecurity Skills Gap Report from Fortinet underscores the urgency of this issue, revealing that a vast majority of organizations are facing more breaches due to a lack

Starting 2024 strong – The largest launch of security training from OffSec

Thu, 14 Mar 2024 15:11:34 GMT

Strong cybersecurity relies on an understanding of the importance of security throughout the entire organization. OffSec is committed to delivering security training to offensive, defensive, development and IT teams that can best protect organizations. In the first 10 weeks of 2024, we’ve released new learning paths to support more security training across the organization. No

Cloud security training: Build secure cloud systems

Tue, 12 Mar 2024 13:44:33 GMT

The cloud’s potential is undeniable – but securing it remains a daunting challenge. A recent SC Magazine survey revealed a troubling statistic: one in four companies cite a critical cloud security skills gap. This gap leaves organizations vulnerable, as attackers exploit everything from exposed cloud storage buckets to vulnerabilities in development pipelines. Generic tutorials and

Cybersecurity training aligned with the MITRE ATT&CK framework

Tue, 12 Mar 2024 13:11:22 GMT

The MITRE ATT&CK framework was developed in 2013 as a knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is a foundation for specific threat models and methodologies in the private sector, government, and cybersecurity product and service community. This MITRE ATT&CK Enterprise framework is used by many of

The Essential Soft Skills for Cybersecurity Leaders

Tue, 05 Mar 2024 17:57:48 GMT

Learn about the essential role of soft skills in enhancing the effectiveness and resilience of cybersecurity leaders amidst evolving cyber threats.

How Is AI Used in Cybersecurity?

Mon, 26 Feb 2024 15:10:13 GMT

Learn how AI is used in cybersecurity for threat detection, security operations, and defense. Explore generative AI risks and practical integration steps.

Secure Coding – A critical skill in today’s threat landscape

Thu, 22 Feb 2024 16:31:26 GMT

Upgrade your secure coding skills with OffSec’s new Learning Paths! Master critical concepts and build resilient applications.

Beyond the Keyboard: “Try Harder” Mindset and Goals

Fri, 16 Feb 2024 16:11:32 GMT

Read a post written by Shanks, the winner of our discord blog writing challenge and hear about their journey of earning the OSCP.

The Essential Guide to Incident Response and Cyber Resilience

Tue, 06 Feb 2024 17:12:22 GMT

Guide on cyber incident response: skills, frameworks, real-world examples, and the OffSec advantage for building cyber resilience.

What InfoSec Leaders Need to Know About AI

Tue, 30 Jan 2024 16:27:43 GMT

2024 sees AI reshaping cybersecurity. Leaders must grasp AI integration, secure tools, tackle emerging threats, and foster a culture of proactive, informed security.

Deepen Your Security Acumen with OffSec’s OWASP Top 10:2021 Learning Path

Tue, 16 Jan 2024 18:01:37 GMT

OffSec’s OWASP Top 10: 2021 Learning Path is an exploration of common vulnerabilities from the perspectives of the business, attackers, and defenders

Top cyberthreats for 2024

Fri, 12 Jan 2024 20:34:50 GMT

Explore OffSec’s predictions for the top cybersecurity threats that will shape the threat landscape in 2024.

OffSec’s 2023: A year of holistic cybersecurity education and strategic growth

Mon, 18 Dec 2023 18:21:50 GMT

Explore OffSec’s transformative 2023 journey in cybersecurity education and strategic growth, highlighted by a brand refresh, extensive content updates, the launch of Learn Enterprise and the OffSec Cyber Range, and significant enhancements to Kali Linux.

Ransomware Revealed: From Attack Mechanics to Defense Strategies

Fri, 15 Dec 2023 17:11:51 GMT

Explore the evolution of ransomware attacks, their impact, types, and learn robust defense strategies against this escalating cyber threat.

Social Engineering: The Art of Human Hacking

Fri, 08 Dec 2023 17:57:57 GMT

Learn how social engineering exploits human vulnerabilities through manipulation and deception. This guide covers different tactics cybercriminals use and key strategies to protect your organization.

Navigating the Complexities of Red Team and Blue Team Cybersecurity Collaboration

Thu, 30 Nov 2023 16:57:41 GMT

Learn about how to navigate the complexities of red team and blue team cybersecurity collaboration.

Advanced Persistent Threats: OffSec’s Comprehensive Guide

Tue, 28 Nov 2023 15:41:03 GMT

Explore key strategies to safeguard against Advanced Persistent Threats (APTs), focusing on prevention, response, and recovery in cybersecurity.

Put Your Skills to the Test in OffSec’s 2023 EOY CTF

Tue, 14 Nov 2023 15:48:21 GMT

We invite PG Practice subscribers to join our EOY CTF tournament! Learn more about the competition, how to participate, and prizes.

Build Your Cybersecurity Career Path with Learn One

Wed, 08 Nov 2023 17:11:46 GMT

Learn One offers flexibility and everything you need to earn a cert and build your cybersecurity career. Discover more about this value-packed subscription.

Elevating the standard for cybersecurity education

Mon, 06 Nov 2023 19:38:00 GMT

Learn about OffSec’s unique approach to cybersecurity education. Better understand a comprehensive learning ecosystem that emphasizes a continuous cycle of learning, from hands-on offensive techniques to defensive strategies, and join a community dedicated to real-world cybersecurity excellence.

Mentorship Programs: A Crucial Element in Retaining Cybersecurity Talent

Thu, 26 Oct 2023 18:17:49 GMT

Discover how mentorship programs can aid cybersecurity skills development and retention of cybersecurity talent.

How to Build Elite Technical Teams Internally with Cybersecurity Training

Wed, 18 Oct 2023 14:18:55 GMT

Learn about strategies and best practices for upskilling and promoting internal technical team members with OffSec’s cybersecurity training.

SOC-200 OSDA Review — Offensive Security Defense Analyst

Thu, 05 Oct 2023 16:25:48 GMT

Read a review of SOC-200 (OSDA), OffSec’s defensive cybersecurity course and certification designed for job roles such as SOC Analysts and Threat Hunters.

The Role of Continuous Learning in Retaining Cybersecurity Experts

Tue, 03 Oct 2023 13:43:54 GMT

Delve into the vital role continuous learning has in retaining cybersecurity experts and explore how ongoing education and professional development programs can play a critical role.

OffSec Cyber Range Blue Webinar Recap

Tue, 26 Sep 2023 17:57:02 GMT

Recap of OffSec’s recent webinar on the Cyber Range platform, highlighting its alignment with CISO priorities and benefits for cybersecurity professionals. Discover how it bridges organizational strategy with hands-on training.

The Future of Cybersecurity: Insights from Forrester’s Latest Report

Mon, 25 Sep 2023 19:58:28 GMT

OffSec delves into Forrester’s latest report on Cybersecurity Skills & Training, highlighting pivotal insights that align with our vision for a fortified future in cybersecurity.

5 ways to leverage AI and ML for cybersecurity defense

Fri, 22 Sep 2023 18:44:37 GMT

Learn about the five ways businesses can harness artificial intelligence (AI) and machine learning (ML) to fortify their cyber defense.

Emerging threats: Adapting cyber defense to the changing landscape

Fri, 08 Sep 2023 14:22:46 GMT

As we step further into 2023, the digital world presents us with new cybersecurity challenges that can’t be ignored. Ransomware continues to evolve with smarter tactics. Cloud security, once deemed robust, faces fresh vulnerabilities as more businesses transition online. And then there’s 5G—its rapid adoption brings along a slew of concerns, making our defensive teams

Intro To Honeypots

Wed, 06 Sep 2023 18:22:37 GMT

Honeypots remain a relatively unexplored concept beyond the realms of security research organizations. This is largely due to the stigma where these types of systems are typically observed as being exploitable, therefore introducing unnecessary risk. This fear of the unknown results in lost opportunities for defenders by avoiding the topic altogether. We will help eliminate

The Power of Threat Intelligence in Cyber Defense

Thu, 31 Aug 2023 14:40:49 GMT

Enter the realm of threat intelligence, a proactive measure that offers a critical advantage to cybersecurity defense teams.

A Deep Dive into OffSec Cyber Range

Wed, 30 Aug 2023 16:39:49 GMT

Discover how OffSec harnesses the power of cyber ranges for unparalleled training and simulation. Delve into the world where hands-on experience meets cutting-edge techniques, ensuring professionals are equipped to tackle the ever-evolving cybersecurity challenges.

Strengthening Your Cybersecurity: The Power of the Three P’s and Team Training

Thu, 24 Aug 2023 14:26:28 GMT

Delve into the significance of training for cybersecurity teams in mastering the three P’s of cybersecurity: People, Processes and Products.

Why Cyber Range Platforms Matter

Fri, 18 Aug 2023 17:20:32 GMT

Learn why cyber range platforms matter, their key benefits, and how they boost hands-on cybersecurity training for security teams.

Metrics to Enhance your Cybersecurity Skills Development Program

Tue, 15 Aug 2023 19:37:03 GMT

How can you know if you are getting the most value out of cybersecurity learning? Metrics. Here is a short guide to four types of essential cybersecurity learning metrics.

Empowering the Cybersecurity Workforce: OffSec and Climb Channel Solutions Join Forces

Tue, 15 Aug 2023 14:37:57 GMT

OffSec’s partnership with Climb Channel Solutions heralds an exciting era of cybersecurity training. Learn about how our alliance will build the path to a more secure future.

OffSec’s Capture the Flag Tournament (CTF)

Mon, 14 Aug 2023 20:09:14 GMT

We invite PG Practice subscribers to join our OffSec CTF tournament! Learn more about the competition, how to participate, and prizes.

Q2 2023, Community Updates: Introducing New Learning Assets, a Unique Solution for Workforce Development, and Capture the Flag (CTF)

Wed, 09 Aug 2023 13:39:49 GMT

Dive into OffSec’s community update for Q2 2023, where we discuss new content, Learn Enterprise, and our CTF event.

Top 3 CISO concerns for 2023

Thu, 03 Aug 2023 14:11:58 GMT

As the cybersecurity landscape rapidly transforms, CISOs, and security leaders face an array of challenges while striving to protect their organizations from the ever-present cyber threats. Recently, at an event we hosted, “Sippin with OffSec,” prominent security professionals gathered to discuss various topics, and three critical themes emerged as top concerns for CISOs in 2023.

Essential Types of Metrics to Boost Support for Your Cybersecurity Learning Program – Part 2

Mon, 31 Jul 2023 17:14:50 GMT

Second part in the series where we go through the four essential metrics you should be tracking to boost support for your cybersecurity learning program.

Essential Metrics to Boost Support for Your Cybersecurity Learning Program – Part 1

Tue, 25 Jul 2023 17:11:30 GMT

Discover the four organizational and individual metrics you should be tracking to boost support for your cybersecurity learning program.

Live Training: Dallas, TX, USA

Sat, 08 Jul 2023 17:25:11 GMT

September 11-15 2023

An Overview of OffSec’s OSCE³ Certification: The Ultimate Achievement in Offensive Security

Wed, 21 Jun 2023 14:32:25 GMT

The OSCE³ certification demonstrates mastery of offensive security skills and techniques. Here’s an overview of each course and the benefits of achieving the OSCE³ certification.

Join Our #BetheResource – Torches Challenge 2023

Tue, 20 Jun 2023 13:41:41 GMT

In our Be the Resource Challenge, Tristram writes about being a torch – someone who helps guide others. Read on to discover more about his Torches Challenge.

4 Essential Strategies For Enterprise Cybersecurity Workforce Development

Mon, 05 Jun 2023 13:28:02 GMT

In our most recent webinar, we were joined by Jeremiah Roe, Field CISO at Synack. Paul Griffin, OffSec’s Head of Customer Success led the conversation about the cybersecurity talent gap and how it continues to present significant challenges for organizations across industries. Some of the key statistics shared indicate that the shortage of skilled professionals

Expanding Our Global Partner Program

Thu, 01 Jun 2023 13:25:31 GMT

Discover more about OffSec’s expanded Partner Program, including new partner types, an improved Partner Portal, and our new Rewards Program.

How OffSec’s Web Application Security Course Helps Technical Team Members Become Better Developers, Attackers, and Defenders

Wed, 31 May 2023 19:13:30 GMT

In this blog, learn about how OffSec’s web application security course helps team members become better developers, attackers, and defenders.

5 ways security leaders are using real-world exercises

Thu, 18 May 2023 13:44:14 GMT

Learn all about how modern security leaders are using to improve and upskill their security team and their capabilities.

Q1 2023 Community Updates: Brand Refresh, PEN-200 Updates, and Kali’s Tenth Anniversary

Fri, 21 Apr 2023 18:45:52 GMT

Welcome to OffSec’s Q1 2023 community update! Dive into the details behind our brand refresh, the enhanced PEN-200, Kali Linux’s 10th anniversary, and more.

New Solution: Learn Enterprise

Tue, 18 Apr 2023 12:57:50 GMT

Explore the enhancements we’re made to PEN-200 (PWK) 2023, including restructured course content, expanded Learning Modules, & Challenge Labs.

PEN-200 (PWK): Updated for 2023

Wed, 15 Mar 2023 14:24:57 GMT

Explore the enhancements we’re made to PEN-200 (PWK) 2023, including restructured course content, expanded Learning Modules, & Challenge Labs.

Experience the Refreshed OffSec

Wed, 01 Mar 2023 14:49:04 GMT

Build the path to a secure future with the refreshed OffSec! Dive into the details behind our ever-evolving learning library, new logo, and modernized name.

OffSec Yearly Recap 2022

Tue, 31 Jan 2023 17:05:14 GMT

A comprehensive OffSec yearly recap: revisit some of the highlights, wins and important cybersecurity training themes that guided us through 2022.

New 90-day Course and Cybersecurity Certification Exam Bundles

Fri, 13 Jan 2023 13:28:36 GMT

Accelerate your learning and earn an OffSec cybersecurity certification in just 90 days. Learn about the benefits of our 90-day course and cert bundles.

Q4 Community Updates: Bridging the Diversity Gap, New Payment Plans, and Industry Events

Thu, 05 Jan 2023 17:30:44 GMT

Wrapping up 2022 with OffSec’s Q4 community update! Find details about our latest community efforts, payment plans, live training, and much more.

Exploit Database 2022 Update

Thu, 10 Nov 2022 20:53:13 GMT

We’re sharing some significant updates to Exploit Database, one of OffSec’s community projects.

Staged Payloads from Kali Linux | PT Phone Home – PHP

Fri, 04 Nov 2022 19:18:35 GMT

Tristram shows you how to host a PHP web page on Kali Linux and how you can use it to stage payloads that are hidden behind a wall of conditional access requirements.

See Yourself in Cyber with OffSec: Cloud Security

Mon, 31 Oct 2022 17:23:18 GMT

As part of Cybersecurity Awareness Month 2022, we share out insights on starting a career in cloud security, together with key skills, prerequisites, career outlook, and much more.

See Yourself in Cyber with OffSec: Web Application Security

Fri, 21 Oct 2022 17:29:38 GMT

As part of Cybersecurity Awareness Month 2022, we share a complete guide to starting a career in web application security with insight into career outlook, essential skills, and much more.

Q3 Community Update | OffSec Academy, New Content, Giving Program

Fri, 14 Oct 2022 19:18:19 GMT

Welcome to OffSec’s Q3 community update! This post discusses the launch of our Giving Program, new content, OffSec Academy, and much more.

See Yourself in Cyber with OffSec: Security Operations

Wed, 12 Oct 2022 18:50:45 GMT

As part of Cybersecurity Awareness Month 2022, we share a complete guide to starting a career in security operations and defense.

See Yourself in Cyber with OffSec: Penetration Testing

Tue, 04 Oct 2022 20:30:10 GMT

As part of the Cybersecurity Awareness Month 2022, we share a complete guide to starting a career as a penetration tester.

In the Hunt for the macOS AutoLogin Setup Process

Fri, 23 Sep 2022 14:18:00 GMT

OffSec’s Csaba Fitzl shares how he reverse-engineered the macOS auto-login process, including the walls he hit, and the times he resorted to trial-and-error approaches.

Staged Payloads from Kali Linux | PT Phone Home – DNS

Thu, 15 Sep 2022 21:33:24 GMT

In part one of this post, Tristram teaches you how to use TXT records to stage payloads that can be retrieved through DNS lookups.

The Importance of Skilled Security Practitioners: How Security Skillfulness Reflects on Your Security Posture

Mon, 12 Sep 2022 20:17:27 GMT

Read about how the skillfulness of your security practitioners can impact your overall cybersecurity program and posture.

Bypassing Intel CET with Counterfeit Objects

Thu, 25 Aug 2022 19:54:50 GMT

In this blog, we’ll briefly cover how CFI mitigations works, including CET, and how we can leverage COOP to effectively bypass Intel CET on the latest Windows releases.

Offensive Security Online Community BBQ Event

Fri, 19 Aug 2022 16:23:23 GMT

Join our OffSec bbq event for the chance to win some swag! Make your favorite bbq meal and share photos on Discord. Pic with the most yums will be the winner.

OSCP Bonus Points Update: Sunsetting PEN-200 Legacy Course Exercises and a New Way to Achieve Points!

Wed, 03 Aug 2022 15:57:37 GMT

Announcing changes to achieving OSCP Bonus Points and sunsetting of the PEN-200 legacy course exercises.

Introduction to Car Hacking: The CAN Bus

Mon, 01 Aug 2022 16:56:52 GMT

The CAN bus (Controller Area Network bus) is a central network that a vehicle communicates with its components. We can think of this in regard to the fact that the vehicle has many functions that operate via electrical signals. The car has door locks, a speedometer, a gas gauge, controls for the brakes, controls for the gas pedal, and many, MANY more.

11 Tips For Beefing Up Your Resume And Getting A Job In Cybersecurity

Mon, 01 Aug 2022 16:27:28 GMT

Learn how to prepare your resume in an effective and professional manner to land a cybersecurity job.

Quarterly Community Updates: Student Discounts, OffSec Live, Partner Program, & Much More!

Mon, 18 Jul 2022 14:32:15 GMT

Welcome to our Q2 update! This post discusses the launch of student discounts, OffSec Live, our Partner Program, and much more.

Start Studying Security with SQLi

Tue, 12 Jul 2022 15:49:30 GMT

We previously explored how Cross-Site Scripting (XSS) makes for an excellent topic to understand the reach and impact of hacking. In this post, we’ll improve on conceptual understanding and try to help non-technical folks understand one of the core issues of information security: the fundamental ambiguity of code and data.

Enhanced: Learn Fundamentals

Fri, 08 Jul 2022 18:59:07 GMT

We’re excited to announce updates and new features to Learn Fundamentals that include new course Topics, badges and assessments, and much more!

Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties

Thu, 30 Jun 2022 13:13:28 GMT

TJ shows us how adversaries use macro weaponization techniques to abuse hidden functionalities contained in Office document properties.

The ever-evolving role of the CISO: Cybersecurity leadership skills needed in the future of work

Thu, 30 Jun 2022 13:11:48 GMT

Learn about the cybersecurity leadership skills modern CISOs will need to succeed in the future.

Offensive Security Welcomes Cybersecurity Bills Signed into Law

Wed, 29 Jun 2022 18:01:29 GMT

Offensive Security is proud to support the Federal Rotational Cyber Workforce Program Act and welcomes new cybersecurity bills signed into law.

Offensive Security Hails Passage of Several Cybersecurity Bills in Congress

Thu, 16 Jun 2022 16:40:00 GMT

Offensive Security welcomes passage of critical cybersecurity bills in Congress that will enhance America’s cybersecurity posture.

Helping Educational Institutions Align to NCAE-C

Thu, 16 Jun 2022 07:07:53 GMT

Learn about how Offensive Security helps educational institutions align to the National Center of Academic Excellence (NCAE-C) requirements.

Celebrate the Release of Our 100th PG-Practice Machine

Thu, 09 Jun 2022 13:59:44 GMT

We’re celebrating the release of our 100th PG-Practice machine by showcasing the evolution of our labs since their inception.

OffSec Live: PEN-200!

Wed, 08 Jun 2022 11:45:27 GMT

OffSec Live: PEN-200 is a free streaming program that will facilitate interactive learning and preparedness for the OSCP. Join us on Twitch and Discord!

3 Ways to Attract Top Cybersecurity Talent to the Federal Government

Tue, 31 May 2022 14:58:38 GMT

Protect your org from cyber threats by investing in hands-on cybersecurity skills training. Learn about how you can get the most out of your training budget.

Join Our #BetheResource Challenge

Thu, 26 May 2022 08:10:33 GMT

Protect your org from cyber threats by investing in hands-on cybersecurity skills training. Learn about how you can get the most out of your training budget.

4 Tips to Implement Online Cybersecurity Training for Your Information Technology and Security Teams

Mon, 16 May 2022 12:55:59 GMT

Protect your org from cyber threats by investing in hands-on cybersecurity skills training. Learn about how you can get the most out of your training budget.

Hands-on Cybersecurity Skills Training on a Budget: Tips to Get the Most Out of Your Money

Mon, 02 May 2022 18:38:03 GMT

Protect your org from cyber threats by investing in hands-on cybersecurity skills training. Learn about how you can get the most out of your training budget.

What is XSS

Tue, 26 Apr 2022 00:00:00 GMT

OffSec’s Jeremy Miller helps cybersecurity professionals explain hacking to laypeople using the Cross-site Scripting (XSS) vulnerability.

IRQLs Close Encounters of the Rootkit Kind

Mon, 11 Apr 2022 11:19:03 GMT

Content developer Matteo Malvica walks us through IRQLs and how hardware interrupts can be abused.

What the Pandemic Has Taught Us

Mon, 04 Apr 2022 10:28:15 GMT

OffSec’s CEO Ning Wang shares five lessons she’s learned from the pandemic. Lesson one – people are more clear about the important things in life.

New Subscription: Learn Fundamentals

Wed, 30 Mar 2022 12:22:31 GMT

Learn Fundamentals is the newest addition to the OffSec Training Library! Discover more about this entry-level cybersecurity training plan.

Modernizing our Certificates and Badges

Tue, 22 Mar 2022 12:00:15 GMT

We’re modernizing our certifications! Learn more about why we changed the issuance of accreditations from paper to digital certifications and badges.

Creating a Cybersecurity Talent Pool from Within Your Organization

Wed, 02 Mar 2022 11:00:17 GMT

A cybersecurity talent pool can fill critical positions in your organization. Learn how to identify and train employees that are interested in a career transition.

Introduction to Game Hacking

Wed, 23 Feb 2022 13:00:09 GMT

Explore our guided introduction to game hacking. Learn how data in memory can be manipulated to achieve results that are outside the normal program design.

5 Tips: How to Get a Cybersecurity Job With No Experience

Tue, 15 Feb 2022 12:00:51 GMT

Land that entry-level cybersecurity position! We share five tips on how to get a cybersecurity job with no experience, with insight from two OffSec employees.

Goals for Your Cybersecurity Career Path with New Years Resolutions

Thu, 10 Feb 2022 00:00:47 GMT

Learn how to set SMART goals for your cybersecurity career path with some great tips from Dr. Heather Monthie.

Reflections on Failure, Part Two

Tue, 08 Feb 2022 12:00:10 GMT

OffSec’s Content Product Manager Jeremy Miller continues to reflect on the meaning of failure in cybersecurity in Part II of his blog.

Reflections on Failure, Part One

Mon, 07 Feb 2022 12:00:16 GMT

OffSec’s Content Product Manager Jeremy Miller reflects on the meaning of failure in cybersecurity in Part I of his blog.

Introducing Topic Exercises

Thu, 03 Feb 2022 11:00:04 GMT

Topic Exercises within PEN-200 (PWK) give students a more trackable, interactive learning experience. Read on to discover more about this new feature.

Microsoft OneDrive for macOS Local Privilege Escalation

Mon, 31 Jan 2022 12:00:05 GMT

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.

What to Expect From the New OSCP Exam

Thu, 13 Jan 2022 19:08:59 GMT

Three of our Student Mentors share their experiences to help you get familiar with the new OSCP exam environment. Read on to learn more about the new exam changes, their findings, and recommendations to help you better prepare for your OSCP exam.

Cognitive Biases and Penetration Testing

Wed, 08 Dec 2021 12:30:05 GMT

Jeremy “Harbinger” Miller shares with us his thoughts on cognitive biases and how they relate to penetration testing.

OSCP Exam Change

Wed, 01 Dec 2021 12:00:02 GMT

Learn about upcoming changes to the OSCP exam structure. New changes will better reflect the current PWK materials and the skills needed to be a successful information security professional.

Learn Subscriptions: Course Structure and New Courses

Wed, 17 Nov 2021 11:00:42 GMT

Our Learn subscriptions now include two new courses: SOC-200 (for cyber defense roles like SOC Analysts and Threat Hunters) & WEB-200 (for App Security Analysts and Web App Pentesters). Learn about each course and the structure of new courses added to the OffSec Training Library.

Some Thoughts on Teaching Hacking

Thu, 11 Nov 2021 13:00:13 GMT

OffSec’s Jeremy “Harbinger” Miller shares his thoughts on teaching information security, hacking and pentesting by building accurate models of systems, minds and attacks with your students.

Pythonizing Nmap

Tue, 09 Nov 2021 13:00:51 GMT

Tristram (aka gh0x0st) shares with us some tips for using python to automate nmap and other parts of your penetration testing process.

Downloads in Subscriptions

Thu, 28 Oct 2021 09:00:18 GMT

Have you subscribed to the OffSec Training Library? Learn about the development and release of the new OffSec course downloads feature.

The Value of Subscriptions

Tue, 12 Oct 2021 13:00:46 GMT

Hear from Jim O’Gorman, Chief Content and Strategy Officer on the value he sees in the new Learn One and Learn Unlimited subscriptions.

New OffSec Training Library Subscriptions: Learn One and Learn Unlimited

Tue, 21 Sep 2021 00:00:02 GMT

The OffSec Training Library is a subscription-based cybersecurity training platform. Discover more about our Learn One and Learn Unlimited subscriptions.

PowerShell Obfuscation

Mon, 23 Aug 2021 13:00:15 GMT

In this article, community moderator Tristram (gh0x0st) shares with us an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.

Learning how to hack has a long feedback loop.

Wed, 11 Aug 2021 13:00:56 GMT

How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.

What’s New at OffSec – May 2021

Fri, 28 May 2021 13:00:23 GMT

Find the latest on our Discord Server Updates, our recent podcast episodes and the newest applications, tools, etc. created by our OffSec Community Members.

Introduction of Recently Retired OSCP Exam Machines in PWK Labs

Wed, 26 May 2021 16:37:40 GMT

Students can now take advantage of their PWK Labs IT network with the addition of 5 retired OSCP exam machines. Learn more about why we’ve made these changes.

eXtended Flow Guard Under The Microscope

Tue, 18 May 2021 13:00:28 GMT

Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).

CVE-2021-1815 – macOS local privilege escalation via Preferences

Thu, 06 May 2021 13:00:19 GMT

Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.

Intel CET In Action

Thu, 29 Apr 2021 13:00:27 GMT

In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.

Understanding the Penetration Testing Tools and Scripts You Can Use

Thu, 22 Apr 2021 20:49:03 GMT

In this blog post Offensive Security will explain why you should take the time to understand and learn about your tools before you run them.

What’s New for April 2021

Wed, 14 Apr 2021 13:00:23 GMT

We’re spilling the details! Find out what’s new and what’s coming with this monthly recap of what’s happening at Offensive Security.

The Broader Application of Pentesting Skills

Tue, 09 Mar 2021 14:00:40 GMT

Learn how the fundamental skills taught in Penetration Testing with Kali Linux (PWK) are applicable beyond a career in pentesting.

J3rryBl4nks’s PEN-300 Approach

Tue, 09 Feb 2021 14:00:25 GMT

OSCP holder J3rryBl4nks shares his thoughts on Offensive Security’s Evasion Techniques and Breaching Defenses course.

EVASION TECHNIQUES AND BREACHING DEFENSES (PEN-300) AND OSEP EXAM REVIEW

Tue, 19 Jan 2021 14:00:17 GMT

What do you need to know before taking Evasion Techniques and Breaching Defenses (PEN-300)? Nullg0re gives us his review on the new course.

OffSec 2020 Recap

Tue, 15 Dec 2020 13:00:15 GMT

Take a look back at 2020’s course launches and updates, and learn what to expect in 2021 with this year-end recap from Offensive Security.

Student Spotlight: Perseverance with Rana Khalil

Tue, 24 Nov 2020 13:00:33 GMT

OSCP holder Rana Khalil shares her journey to becoming a cybersecurity analyst and her thoughts on what it takes to succeed.

Microsoft Teams for macOS Local Privilege Escalation

Tue, 17 Nov 2020 13:00:23 GMT

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.

New Pentesting Course: PEN-300

Tue, 27 Oct 2020 09:00:44 GMT

Learn about OffSec’s new Evasion Techniques and Breaching Defenses course (PEN-300) and OSEP certification. This course is one of the replacements for CTP.

A Path to Success in the PWK Labs

Thu, 15 Oct 2020 16:00:47 GMT

As part of our ongoing efforts to support student success, we’re introducing a new learning path for the PWK labs. Find out more – along with pass rate data.

How to Build a Cybersecurity Homelab

Wed, 23 Sep 2020 16:19:15 GMT

Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.

Wekan Authentication Bypass – Exploiting Common Pitfalls of MeteorJS

Tue, 08 Sep 2020 13:00:43 GMT

In this post, Dejan walks us through an authentication bypass vulnerability discovered in Wekan and reported by Offensive Security.

CTP Sunset FAQ

Wed, 26 Aug 2020 16:00:46 GMT

On August 13, 2020, Offensive Security announced that our Cracking the Perimeter course would be retired. Get your questions answered in this update.

Offensive Security Academy: 13 Weeks of Intense PWK Training

Tue, 25 Aug 2020 13:00:13 GMT

OffSec launched the new Academy offering to address the impacts of COVID-19 on our PWK live training schedule. Here, we look back on the first cohort.

New Developments: Retiring CTP and Introducing New Courses

Thu, 13 Aug 2020 16:00:37 GMT

On October 15, 2020, Offensive Security will retire its Cracking the Perimeter course. Find out more about this change, including what comes next.

Creating Kali i3-gaps

Tue, 11 Aug 2020 13:00:36 GMT

i3 is a tiling window manager for Linux and BSD systems. In this blog post, Arszilla gives a walk through on how he created his custom Kali i3-gaps ISO.

Starting a Career in Information Security

Tue, 04 Aug 2020 12:58:15 GMT

Considering a career in infosec? Mihai’s experience pursuing the OSCP and OSWE certs can help you determine your next steps. Get inspired with this case study.

VulnHub Joins the OffSec Family

Wed, 29 Jul 2020 13:00:02 GMT

Offensive Security is pleased to announce the acquisition of VulnHub, the platform offering free offline virtual machines for information security training.

AWAE Frequently Asked Questions

Mon, 20 Jul 2020 13:00:17 GMT

The Advanced Web Attacks and Exploitation (AWAE) course has been updated for 2020. Get your questions about AWAE and OSWE answered.

AWAE: Updated with More Content for 2020

Tue, 14 Jul 2020 11:00:11 GMT

The Advanced Web Attacks and Exploitation (AWAE) course has been updated for 2020. Learn what changed, why we did it, and how it will help you.

Offensive Security AWAE/OSWE Review

Tue, 07 Jul 2020 13:00:06 GMT

In this post Mihai gives us a review of his experience with the Advanced Web Attacks And Exploitation course after obtaining his OSWE certification.

PowerShell Hacking: Mastering PSSession and Reverse Shells on Kali Linux

Tue, 30 Jun 2020 13:00:34 GMT

In this series, Tony Punturiero (TJ Null) will be showing how to use PowerShell on Kali Linux to obtain initial access with PSSession on Windows and Linux.

Offensive Security Advanced Web Attacks and Exploitation (AWAE): What You Need To Know

Tue, 16 Jun 2020 13:00:43 GMT

What do you need to know before taking Advanced Web Attacks and Exploitation (AWAE)? OSCP holder and penetration tester Samuel Whang shares his perspective.

AMFI syscall

Tue, 09 Jun 2020 16:00:04 GMT

Csaba Fitzl covers the `dyld` restriction decision process in macOS and a previously undiscussed or undocumented AMFI (AppleMobileFileIntegrity) system call.

Offensive Security PWK 2020 Update: Should you upgrade?

Tue, 19 May 2020 13:00:59 GMT

OSCP holder Samuel Whang shares his perspective on why upgrading to the 2020 materials is worth it for those who have already completed PWK.

macOS Kernel Debugging with SIP

Tue, 12 May 2020 13:00:27 GMT

As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different. There are many great

Exploit Database SearchSploit Update

Tue, 05 May 2020 13:00:05 GMT

To help search the local copy of Exploit DB, we created “SearchSploit“, which gives you a powerful command line interface to perform detailed queries. SearchSploit has recently been updated. Let’s review the update and the benefits.

White Box Testing for Web Applications

Tue, 28 Apr 2020 16:00:17 GMT

How can source code review help penetration testers with web application security assessments? Learn the benefits of white box web app penetration testing.

The AWAE/OSWE Journey: A Review

Tue, 14 Apr 2020 13:00:56 GMT

Donavan Cheah gives us some of his thoughts on the subject of penetration testing, and his journey with the AWAE course in particular.

Customizing Kali Linux

Tue, 31 Mar 2020 13:00:02 GMT

One of the designers on the Kali Linux team shares his top tips and tools to customize Kali Linux. Dig in under the hood with Daniel Ruiz de Alegría.

Attacking the Web: The Offensive Security Way

Tue, 24 Mar 2020 13:00:42 GMT

OffSec student 0xklaue wrote this review of Advanced Web Attacks and Exploitation and the OSWE exam. Find out how to prepare and what you need to know.

Playbook for Running a Global Work-from-Home Company

Tue, 17 Mar 2020 17:31:09 GMT

With people located in over 24 countries, we’ve been working from our homes since our founding in 2006. Here’s five tips on how to run a distributed team effectively.

Information Security Training Paths at OffSec

Thu, 12 Mar 2020 19:45:44 GMT

Find out where to start with OffSec’s information security training courses. We outline our learning paths to certification and career development.

PWK: All New for 2020

Tue, 11 Feb 2020 01:00:36 GMT

Penetration Testing with Kali Linux (PWK) has gotten a massive overhaul for 2020. Find out what’s new in Offensive Security’s foundational pentesting course.

Student Spotlight: Mindset and Community with Suhyun Smith, OSCP

Tue, 07 Jan 2020 13:00:09 GMT

Learn how dedication, mindset, and community empowered Suhyun Smith in her OSCP certification journey, and get her tips for success.

Student Spotlight: Meet Mihai, a 16 year old OSCP holder

Tue, 10 Dec 2019 13:00:48 GMT

Meet Mihai, a 16 year old OSCP holder and PWK graduate out of Romania. Read more about his tremendous start and journey into infosec.

Student Spotlight: Flood Survivor and OSCP Graduate

Wed, 27 Nov 2019 13:00:16 GMT

OffSec student Christopher M Downs takes trying harder to another level: completing (and passing) his OSCP exam in the middle of a New Orleans flood. Read more about Christopher’s inspiring journey.

My OSCP Guide: A Philosophical Approach

Thu, 17 Oct 2019 13:00:57 GMT

Samuel Whang, a PWK graduate, details his recommendations and a unique philosophical approach for those looking to pursue their OSCP. This article originally appeared on Sep 24, 2019, posted by Samuel Whang. It has been posted with minor edits, with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818

Understanding the Fundamentals of Securing Web Applications

Tue, 08 Oct 2019 13:00:44 GMT

Web application security can be a rewarding career path. However, the web application security space, and cybersecurity industry as a whole, lives in a constant state of change. An unrelenting curiosity and passion for lifelong learning is mandatory for anyone seeking to specialize in this niche. Here are some fundamentals to help you pursue these skills.

Analyzing a Creative Attack Chain Used to Compromise a Web Application

Tue, 03 Sep 2019 13:00:54 GMT

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

5 Best Practices for Web Application Security

Tue, 20 Aug 2019 16:00:37 GMT

When it comes to web application security, there are many measures you can implement to reduce the chances of an intruder stealing sensitive data, injecting malware into a webpage, or public defacement. As more and more organizations transition their business operations to web applications, security in the development process can no longer be an afterthought. Whether it’s a code injection, privilege escalation, DDoS attack, or a vulnerable element, bad actors are constantly looking for creative ways to manipulate exploits for personal gain. We’ve rounded up our top five (5) best practices to help you fortify your application security.

BlackHat 2019 Recap

Tue, 13 Aug 2019 13:00:00 GMT

BlackHat has always been one of our favorite industry conferences. Although OffSec has been providing educational workshops for years at BlackHat, this was our first year holding an official booth. The booth was a major hit, as we had the opportunity to chat with long-time Offensive Security alumni and also meet some new faces…

Did you attend one our BlackHat workshops or stop by the OffSec booth? If so, we’d love to hear about your experience and any feedback you might have — tag us on Twitter @OffSecTraining!

OSCP/OSCE/OSWP Review

Tue, 23 Jul 2019 08:00:02 GMT

It’s no secret that Offensive Security offers some of the best technical training in the information security field. Their brand has become synonymous with penetration testing in the eyes of most tech recruiters on LinkedIn.

Some of the most common questions I get on LinkedIn are related to the OSCP/OSCE/OSWP certifications. Some people even go as far as asking for solutions to their exam machines. Sorry, you won’t be finding anything like that here (TRY HARDER). I will however offer an honest review and offer some tips to help you decide if you are ready to take the plunge into any of these 3 awesome courses!

This article originally appeared on Jul 20, 2019, posted by Joey Lane and has been republished unedited and in its entirety with permission from the author. Original post: https://blog.own.sh/oscp-osce-oswp-review/

Kali NetHunter App Store – Public Beta

Tue, 16 Jul 2019 17:27:50 GMT

Kali NetHunter has been undergoing a ton of changes as of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), its amazing the extra capabilities that have been introduced.

But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!

Come see OffSec at BlackHat in Vegas

Thu, 11 Jul 2019 17:40:24 GMT

For those planning on attending Black Hat in Las Vegas on August 3-8, come stop by our booth (#2604) in the Business Hall — which will be available August 7-8. Members from many different teams of OffSec will be there and would love to meet you! Rumors are swirling that we’ll also be handing out special Challenge Coins to visitors that Try Harder… so make sure to stop by.

AWAE Exam for OSWE Certification now Available with Online Course

Mon, 13 May 2019 15:00:04 GMT

In March we released the online version of Advanced Web Attacks and Exploitations (AWAE) to amazing customer response. Thank you to everyone that has taken the course! We really appreciate the kind words and reviews. Today, we are very pleased to announce the availability of the Offensive Security Web Expert (OSWE) certification.

Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)

Tue, 19 Mar 2019 13:58:17 GMT

by Morten Schenk Windows 10 1809 Kernel ASLR Bypass Evolution When it is well-implemented, Kernel Address Space Layout Randomization (KASLR) makes Windows kernel exploitation extremely difficult by making it impractical to obtain the base address of a kernel driver directly. In an attempt to bypass this, researchers have historically focussed on kernel address leaks to

AWAE Now Available Anywhere, Anytime

Mon, 18 Mar 2019 12:29:41 GMT

Our Advanced Web Attacks and Exploitation (AWAE) live training course has been one of the fastest-selling classes at various industry events for years. The Black Hat classes perennially sell out in a matter of minutes, and every year we’re snowed under by demand from security professionals wondering when we’ll offer it online. For this reason, today we’re excited to announce AWAE is now available online…

Cheating Attempts and the OSCP

Thu, 31 Jan 2019 15:58:57 GMT

Last week, an individual started to release solutions to certain challenges in the OSCP certification exam. This led to some discussion on Twitter and made it clear to us that there is a fair amount of misunderstanding about what’s on the exam, how we catch cheaters, how many people attempt to cheat, and what happens when they are discovered. In this post, we would like to shine some light on our certification process.

Offensive Security Appoints Ning Wang as CEO to Lead Organization’s Next Stage of Growth

Tue, 15 Jan 2019 21:11:30 GMT

Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what they were supposed to do. The unfortunate reality is that cyberattacks are now a matter of ‘when’ and not ‘if’ for the average enterprise. Yet the landscape is changing and protecting your environment is actually getting more challenging not less.

Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today’s enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.

This being the case, I couldn’t be happier to join Offensive Security as the company’s next CEO.

Exploit Database Redesign

Mon, 26 Nov 2018 17:30:29 GMT

Offensive Security is delighted to announce the complete redesign of The Exploit Database (EDB), making it easier and faster than ever to find the data you need and presenting it to you in a responsive dashboard layout.

A New Partnership

Tue, 04 Sep 2018 12:20:18 GMT

It’s been a busy few months for us here, and for good reason. Today we are proud to announce our new partners at Offensive Security – Spectrum Equity.

Offensive Security Online Exam Proctoring

Thu, 26 Jul 2018 16:32:49 GMT

When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification model in the field – “Hands-on, practical certification”. Twelve years later, these choices have paid off. The industry as a whole has realized that most of the multiple choice, technical certifications do not necessarily guarantee a candidate’s technical level…and for many in the offensive security field, the OSCP has turned into a golden industry standard. This has been wonderful for certification holders as they find themselves actively recruited by employers due to the fact that they have proven themselves as being able to stand up to the stress of a hard, 24-hour exam – and still deliver a quality report.

The Synology Improbability

Tue, 16 Jan 2018 16:09:35 GMT

Recently, my manager purchased a Synology NAS device for me to do some backups. Since quite a few people I know use this particular NAS (including myself now), I decided to do a quick audit on it before integrating it into my lab environment. In this blog post, I will cover two different vulnerabilities patched by Synology.

Auditing the Auditor

Wed, 05 Jul 2017 18:31:30 GMT

Some time ago, we noticed some security researchers looking for critical vulnerabilities affecting “security” based products (such as antivirus) that can have a damaging impact to enterprise and desktop users. Take a stroll through the Google Project Zero bug tracker to see what we mean.

Fldbg, a Pykd script to debug FlashPlayer

Tue, 29 Nov 2016 16:01:17 GMT

A few months ago, we decided to make a new module for our Advanced Windows Exploitation class. After evaluating a few options we chose to work with an Adobe Flash 1day vulnerability originally discovered by the Google Project Zero team. Since we did not have any previous experience with Flash internals, we expected a pretty steep learning curve.

Hacking WPA Enterprise with Kali Linux

Mon, 21 Nov 2016 22:08:49 GMT

Admittedly, somewhat of a click-bait blog post title – but bear with us, it’s for a good reason. Lots of work goes on behind the scenes of Kali Linux, tools get updated every day and interesting new features are added constantly. Most of these tool updates and feature additions go unannounced, and are then discovered by inquisitive users – however this time, we had to make an exception.

A Decade of Exploit Database Data

Mon, 02 May 2016 16:28:50 GMT

Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?

What it means to be an OSCP reloaded

Tue, 22 Mar 2016 13:03:11 GMT

In our recent blog post “What it means to be an OSCP” we asked OSCPs to share their experience of what it means to have earned this certification and we received many tales of hardship and reward. Mike Benich sent in an entry that we felt very much captured the essence of the Offensive Security mentality; that the path to OSCP is challenging, stressful, and demanding, but the results leave you with much more than technological expertise.

Kali Linux 2.1.2 ARM Releases

Mon, 21 Mar 2016 16:54:53 GMT

The time has come for yet another Kali ARM image release with new and updated images. Our collection of supported ARM hardware grows constantly with new images from Raspberry Pi 3, Banana Pi and Odroid-C2, with the latter being our first real arm64 image. We’re really excited about our new arm64 build environment and hope to see more 64bit ARM devices running Kali in the future. Feel free to visit our Kali Linux ARM downloads page to get the latest goodness.

Kali Rolling ISO of DOOM, Too.

Thu, 11 Feb 2016 14:54:46 GMT

A while back we introduced the idea of Kali Linux Customization by demonstrating the Kali Linux ISO of Doom. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment. The customised Kali ISO would undergo an unattended autoinstall in a remote client site, and automatically connect back to our OpenVPN server over TCP port 443. The OpenVPN connection would then bridge the remote and local networks, allowing us full “layer 3” access to the internal network from our remote location. The resulting custom ISO could then be sent to the client who would just pop it into a virtual machine template, and the whole setup would happen automagically with no intervention – as depicted in the image below.

Kali Linux Rolling Virtual & ARM Images

Tue, 02 Feb 2016 17:25:47 GMT

With the recent release of Kali Rolling 2016.1 completed, we’ve gone ahead and updated our custom Kali VMware, VirtualBox, and ARM images. Here’s a few news items and updates that we have regarding these images for those who prefer to get them pre-built.

Kali NetHunter 3.0 Released

Wed, 06 Jan 2016 15:39:03 GMT

NetHunter has been actively developed for over a year now, and has undergone nothing short of a complete transformation since its last release. We’ve taken our time with v3.0, and the results are a complete overhaul of the NetHunter Android application, with a more polished interface and a fully functioning feature set.

Through the amazing NetHunter community work led by binkybear, fattire, and jmingov, we can now proudly look at NetHunter and confidently consider it to be a stable, commercial grade mobile penetration testing platform. And so, we are really excited with todays release of NetHunter 3.0 – let the games begin!

What it means to be an OSCP

Mon, 04 Jan 2016 17:18:27 GMT

When a student earns an Offensive Security certification such as the OSCP, it is a testament to the personal investment they have made as part of a commitment to excellence. Like getting a degree from a university, no matter what happens in your life from that point forward, the fact is your earned that certification and it is yours to keep. Saying this, there are some hard truths behind the path to OSCP.

MASSCAN Web Interface

Fri, 04 Dec 2015 14:53:45 GMT

A couple of weeks ago, we had the opportunity to scan and map a large IP address space covering just over 3 million hosts. Our tool of choice for this was the fast and capable masscan, which is packaged in Kali. While masscan has several convenient output formats, such as binary and XML, one feature we were missing was an easy way to search our results. We quickly whipped up a little web interface that would allow us to import and search within a masscan XML output file. This feature proved very useful for us – as once we identified a specific vulnerable pattern on a machine, we could easily cross reference this pattern with over the millions of discovered hosts in our database.

Kali Linux 2.0 Top 10 Post Install Tips

Wed, 12 Aug 2015 23:12:47 GMT

With Kali 2.0 now released, we wanted to share a few post install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting. Here is our top 10 list:

Kali 2.0 Dojo Black Hat / DEF CON USA 2015

Mon, 08 Jun 2015 02:38:06 GMT

Last years event was a rousing success, with many attendees staying all day long and working through the multiple exercises. We had such a great time, we wanted to do it again. This is a great chance to get hands on with Kali 2.0, learning the cutting edge features and how to best put them to use. In this two session workshop series, we will be covering how to create your own custom Kali ISO that is tweaked and modified to exactly fit your needs. This will be followed up in the second session with a hands-on exercise of deploying Kali on USB sticks so that it contains several persistent storage profiles, both regular and encrypted – including the LUKS nuke feature.

What’s New with Exploit Database?

Wed, 13 May 2015 19:29:35 GMT

New Features in the Exploit Database Over the past 6 years, we have been maintaining and updating the Exploit Database on a daily basis, which now boasts over 35,000 exploits. While we constantly work on improving our back-end and entry quality. Over the years there haven’t really been any updates to the front-end, which has

Booting Kali Linux Live Over HTTP

Mon, 11 May 2015 23:25:11 GMT

Kali Linux Features Here at Offensive Security, we tend to use Kali Linux in unconventional ways – often making use of some really amazing features that Kali Linux has to offer. One of these interesting use-cases includes booting instances of Kali Linux Live over HTTP, directly to RAM. We realized there’s little documentation around this

NetHunter 1.2 – Lollipop & Nexus 6/9

Mon, 11 May 2015 23:13:25 GMT

Kali NetHunter 1.2 Released! Kali NetHunter 1.2 is fresh out, with a whole bunch of improvements, bug fixes….and yes, Android Lollipop support. This means that NetHunter now supports the Nexus6 and Nexus 9 devices too! This is awesome news to all those who have bought these new Nexus devices and have yearned to install the

Kali Linux on a Raspberry Pi (A/B+/2) with Disk Encryption

Mon, 09 Mar 2015 08:03:17 GMT

With the advent of smaller, faster ARM hardware such as the new Raspberry Pi 2 (which now has a Kali image built for it), we’ve been seeing more and more use of these small devices as “throw-away hackboxes“. While this might be a new and novel technology, there’s one major drawback to this concept – and that is the confidentiality of the data stored on the device itself. Most of the setups we’ve seen do little to protect the sensitive information saved on the SD cards of these little computers.

OffSec InfoSec Certifications in the Job Market

Mon, 02 Feb 2015 15:11:12 GMT

A couple of weeks ago we published our comic Try Harder song, praising the OSCP certification and our students in general. It was really well received by our alumni, who related closely to the theme of “Try Harder“. However, there is a more serious undertone to this than meets the eye. Information Security Certifications Mean Little

Kali USB – Multiple Persistent Stores

Tue, 27 Jan 2015 14:56:41 GMT

One of the markings of the 1.0.7 Kali release was the introduction of Kali Live USB LUKS encrypted persistent storage, on which we further elaborated in one of our previous blog posts. However, we’re not done yet with USB persistent storage as more features in Kali remain to be explored.

Offensive Security Say – Try Harder!

Mon, 19 Jan 2015 19:07:42 GMT

Offsec students go through hell. They endure levels of stress and frustration beyond what is considered normal, and we at Offsec appreciate this. So much in fact, that we’ve dedicated the following song to anyone who’s taken an Offsec course, and tried harder!

NetHunter 1.1 Released

Mon, 05 Jan 2015 15:10:20 GMT

With the opening shots of 2015 fired, we are happy to make some announcements in the NetHunter arena! One of the things that excite us the most about Kali Linux is how our Kali projects always end up being greater than the sum of their parts. This is most evident in our Kali NetHunter Project – the first open source Android based penetration testing platform for Nexus and OnePlus devices. Wait, OnePlus phones? Yes! Our new NetHunter v1.1 release brings with it some great news – and so we begin.

Happy Holidays from Offsec

Mon, 22 Dec 2014 19:28:15 GMT

We at Offensive Security would like to thank all of our students, customers, and friends for a wonderful 2014. Its been a busy but productive year, with major upgrades to Kali Linux, the release of Kali NetHunter, the public launch of the hosted virtual labs, the first ever Kali Linux Dojo, upgrades to our student labs, lots of interesting R&D, a bunch of 0-days and a number of other accomplishments. We enjoyed the journey with all of you and here is to a fun and productive 2015! We wanted to thank you with this video we produced for all y’all.

Professional Penetration Testing Labs

Mon, 15 Dec 2014 18:42:25 GMT

For the past few months, we have been quietly beta testing and perfecting our new Enterprise Penetration Testing Labs, or as we fondly call it, the “Offensive Security Proving Grounds (PG)”. Today, we are proud to unveil our hosted penetration testing labs – a safe virtual network environment designed to be attacked and penetrated as a means of learning and sharpening your penetration testing skills. The new design of the Proving Grounds include multiple interconnected subnets with a wide array of modern operating systems, including Active Directory domains, Citrix systems, corporate Antivirus solutions as well as Intrusion Prevention Systems which attackers must learn to cope with.

Bypassing Windows and OSX Logins with NetHunter & Kon-boot

Mon, 08 Dec 2014 16:05:05 GMT

The Kali Linux NetHunter platform has many hidden features which we still haven’t brought to light. One of them is the DriveDroid application and patch set, which have been implemented in NetHunter since v1.0.2. This tool allows us to have NetHunter emulate a bootable ISO or USB, using images of our choosing. That’s right, you can use NetHunter as a boot device which holds a library of bootable ISOs and images…And so we begin:

Kali with Raspberry Pi TFT support

Wed, 19 Nov 2014 20:42:16 GMT

Several weeks ago a request in the Kali forums prompted us to look at the integration of the Adafruit 2.8in TFT touch screen for Kali Linux. A few weeks and much less hair later, we are happy to announce the availability of this image in our Offensive Security custom Kali images section.

Disarming and Bypassing EMET 5.1

Tue, 18 Nov 2014 14:46:58 GMT

Last week Microsoft released EMET 5.1 to address some compatibility issues and strengthen mitigations to make them more resilient to attacks and bypasses. We, of course, were curious to see if our EMET 5.0 disarming technique has been addressed by the latest version of the toolkit.

Kali Nexus NetHunter 1.0.2

Wed, 01 Oct 2014 15:06:52 GMT

It’s been a week since our release of the Kali Linux NetHunter, and the feedback is amazing. A NetHunter community has sprung up from nowhere, and the forums and github pages are really active. We’re completely stoked about this community response, and are eager to see it grow. After an intense week of community testing and a slew of bugfixes (including shellshock), we thought it would be a good opportunity to release a NetHunter update. Please welcome NetHunter 1.0.2.

Disarming EMET v5.0

Mon, 29 Sep 2014 17:11:39 GMT

In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general overview of the EMET 5 technical preview has been recently published here.

Symantec Endpoint Protection 0day

Tue, 29 Jul 2014 14:46:22 GMT

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

Disarming Enhanced Mitigation Experience Toolkit (EMET)

Tue, 01 Jul 2014 19:04:08 GMT

With the emergence of recent Internet Explorer Vulnerabilities, we’ve been seeing a trend of EMET recommendations as a path to increasing application security. A layered defense is always helpful as it increases the obstacles in the path of an attacker. However, we were wondering how much does it really benefit? How much harder does an attacker have to work to bypass these additional protections? With that in mind, we started a deep dive into EMET.

Kali Linux Evil Wireless Access Point

Tue, 10 Jun 2014 16:29:05 GMT

A few days ago, we had the opportunity to deploy a rogue access point that would steal user credentials using a fake, captive web portal, and provide MITM’d Internet services via 3G. We needed reliability and scalability in our environment as there would potentially be a large amount of, erm….”participants” in this wireless network. We were pretty happy with the result and quickly realized that we had created a new “Kali Linux recipe”. Or in other words, we could create a custom, bootable wireless evil access point image, which could do all sorts of wondrous things.

Announcing the Kali Linux Dojo

Wed, 28 May 2014 22:19:22 GMT

For the past 6 months, we’ve been busy silently developing an advanced Kali Linux course the likes of which has not yet been seen in the industry. This set of in-depth, practical workshops focuses on the Kali operating system itself, demonstrating some of its advanced features and use-cases by its developers. As with all “Offensive Security” training, this workshop is intensive, educational, and addictively engaging. If you’ve ever wished for fluent proficiency with Kali Linux, this workshop is for you.

Kali Encrypted USB Persistence

Tue, 27 May 2014 13:02:41 GMT

A couple of days ago, we added an awesome new feature to Kali allowing users to set up a Live Kali USB with encrypted persistence. What this means is that you can now set up a bootable Kali USB drive allowing you to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, allowing you to securely save your changes on the USB drive between reboots. If you add our LUKS nuke feature into this mix together with a 32GB USB 3.0 thumb drive, you’ve got yourself a fast, versatile and secure “Penetration Testing Travel Kit”.

Kali Linux Recipes

Wed, 23 Apr 2014 15:24:23 GMT

A couple of days ago, we received an e-mail from a university professor asking for advice regarding Linux distributions to be used in his security 101 classes. In its default configuration, Kali Linux wasn’t a 100% match for his needs, which were quite specific:

Kali Linux Trademarks

Mon, 17 Mar 2014 17:38:14 GMT

It’s been a year since we’ve released Kali Linux, and we’re happy to see it succeed. Kali has surpassed BackTrack Linux in many ways and the community is responding accordingly. Between the improved development cycle, more attentive support, and larger community, Kali Linux has reached new heights of popularity. This popularity however, does not come without its own issues. One of the big problems we’ve been facing in the past year is rampant violations of our Kali Linux Trademarks.

Generating Kali Raspberry Pi Images

Mon, 27 Jan 2014 15:10:05 GMT

“Kali Linux Raspberry Pi Image Updated!” That was supposed to be the “tweet” we would release, telling everyone our new Kali Linux Raspberry Pi image was supposedly better than our old one. We often update our followers with news like this on twitter, and this tweet would be no different. However, this time, we thought it would be interesting to tell you about the mechanics of updates like these, and shed some light on how these “news items” come about. This post will also give us the opportunity to describe the process of running our custom Kali Linux ARM build scripts, by way of a story. If you couldn’t care less about this story, and just want the updated image – head straight to our Kali Linux Custom Image page!

Exploit Database Hosted on GitHub

Tue, 07 Jan 2014 14:38:52 GMT

We have recently completed some renovations on the Exploit Database backend systems and moved the EDB exploit repository to Github. This means that it’s now easier than ever to copy, clone or fork the whole repository. The previous SVN CVS has been retired.

Bug Bounty Program Insights

Mon, 23 Dec 2013 14:07:40 GMT

With the nature of our business, we at Offensive Security take our system security very seriously and we appreciate the benefits of having “the crowd” scrutinize our internet presence for bugs. For this reason, we recently started our own Bug Bounty Program, which provides incentives for researchers to inform us of possible vulnerabilities in our sites in exchange for cash rewards.

Penetration Testing with Kali Linux – Online Course Update

Thu, 19 Dec 2013 20:26:41 GMT

Over a year ago, when we first sat down and began on what would become Kali Linux, we realized that with all the major changes, we would also need to update our flagship course, Penetration Testing with BackTrack (PWB), to be inline with Kali Linux. With the release of Kali, we ensured that we mentioned the impact this would have on PWB and that an update to the course was in the works.

NDPROXY Local SYSTEM exploit CVE-2013-5065

Wed, 04 Dec 2013 02:11:58 GMT

In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.

Penetration Test Report 2013

Tue, 03 Sep 2013 14:57:58 GMT

We are proud to release a new, updated, sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients. It incorporates changes we have made over the last two years based on customer feedback, as well as reflecting many of the types of attacks we have found to be effective in multiple customer environments.

Kali Linux ISO of Doom

Tue, 27 Aug 2013 11:36:21 GMT

In our last blog post, we provided an example of running an unattended network installation of Kali Linux. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment using OpenVAS and the Metasploit Framework.

Kali Linux Unattended PXE Install

Mon, 12 Aug 2013 11:00:53 GMT

Our last blog post on the Kali Linux site discussed implementing some cool scenarios with Kali Linux, such as remote unattended installations, creating custom Kali Linux ISOS, and getting Kali working on funky ARM hardware. We received several emails from people asking for more information on how to implement these scenarios, so we thought we’d make a few blog posts with more detailed examples.

Kali Linux on a Galaxy Note 10.1

Tue, 02 Apr 2013 13:58:30 GMT

Here at Offsec, we love playing with hardware. Be it something like the Onity Hotel Door Unlocker, a Teensy USB HID attack payload, or RFID hacks – if it’s shiny, we like it. While we were in the last stages of developing Kali Linux, we made the effort to to get Kali working on some ARM hardware, such as the Samsung Chromebook, Odroid U2, Raspberry Pi and RK3306 devices such as the SS808, and then contributed these to the community as “Unofficial Trusted Images”, together with the Official Kali Linux downloads.

Kali Linux Has Been Released!

Wed, 13 Mar 2013 07:00:18 GMT

Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.

BackTrack Reborn – Kali Linux

Tue, 22 Jan 2013 11:40:42 GMT

It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. It

Yahoo DOM XSS 0day – Not fixed yet!

Tue, 08 Jan 2013 16:59:49 GMT

After discussing the recent Yahoo DOM XSS 0day with Shahin from Abysssec.com, it was discovered that Yahoo’s fix set in place on 6:20 PM EST, Jan 7th, 2013 is not effective as one would hope.

Fun with AIX Shellcode and Metasploit

Tue, 20 Nov 2012 13:53:50 GMT

In one of our recent pentests, we discovered an 0day for a custom C application server running on the AIX Operating System. After debugging the crash, we discovered that the bug could lead to remote code execution and since we don’t deal very often with AIX exploitation, we decided to write an exploit for it. The first steps were accomplished pretty quickly and we successfully diverted the execution flow by jumping to a controlled buffer. At this point, we thought we could easily generate some shellcode from MSF and enjoy our remote shell.

CA ARCserve – CVE-2012-2971

Tue, 30 Oct 2012 18:12:27 GMT

On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most “good” enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.

Onity Door Unlocker, Round Two.

Tue, 23 Oct 2012 15:45:33 GMT

On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the “James Bond” type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker.

Stand-Alone EM4x RFID Harvester

Thu, 27 Sep 2012 14:40:40 GMT

Continuing off from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst “rubbing elbows” with company personnel. The proxmark3 seemed liked an overkill and not particularly fast at reading em4x tags so we figured we’d try hooking up our RoboticsConnection RFID reader to a Teensy and see if we could make them play nicely together.

RFID Cloning with Proxmark 3

Mon, 24 Sep 2012 09:30:20 GMT

Our Proxmark 3 (and antennae) finally arrived, and we thought we’d take it for a spin. It’s a great little device for physical pentests, allowing us to capture, replay and clone certain RFID tags.

Offsec BlackHat / Defcon Scavenger Hunt

Tue, 24 Jul 2012 04:51:12 GMT

Are you in Vegas for BlackHat and Defcon ? Are you desperately looking for Offensive Security schwag ? We are giving out Metasploit books, BackTrack Challenge coins and large sized BackTrack Decals in this years BlackHat and Defcon conferences. So, what exactly does one need to do to get these wonderful, sought after gifts ? It’s easy:

FreePBX Exploit Phone Home

Fri, 23 Mar 2012 05:44:37 GMT

During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post in full disclosure by Martin Tschirsich, about a Remote Code Execution vulnerability in FreePBX. This vulnerability sounded intriguing, and as usual, required verification in the EDB. At first glance, the vulnerability didn’t jump out at us, especially as we are not familiar with the inner workings of asterisk. After a couple of emails back and forth with Martin, the path to code execution became clearer:

Announcing the OSEE Certification

Mon, 16 Jan 2012 21:48:52 GMT

Since the inception of our Advanced Windows Exploitation (AWE) course, our students (who are always searching for more pain) have been asking for an accompanying certification exam. We are very pleased to announce the launch of the Offensive Security Exploit Expert (OSEE) certification.

PWB in the Caribbean, Part 3

Wed, 28 Dec 2011 00:58:07 GMT

In Part 2 of our series of posts on the recent PWB in the Caribbean course, Johnny was desperately seeking an exit from the upcoming pain that is exploit development. However, he didn’t come up with an escape plan quickly enough and his tale continues in this latest diary entry.

PWB in the Caribbean, Part 2

Wed, 21 Dec 2011 08:30:26 GMT

In our ongoing series covering our most recent live PWB in the Caribbean course, Johnny picks up from Part 1 and provides an inside and personal look at the course as it picks up speed and increases in difficulty.

Offensive Security Wireless Attacks Updated

Wed, 07 Dec 2011 01:00:02 GMT

At long last, our highly rated Wireless Attacks Course (Wi-Fu) has been updated to version 3! This is a major revision of the course with a complete restructure and redesign of the course content with a far broader range of attack techniques.

MS11-080 Exploit – A Voyage into Ring Zero

Tue, 06 Dec 2011 01:00:27 GMT

Every patch Tuesday, we, like many in the security industry, love to analyze the released patches and see if any of them can lead to the development of a working exploit. Recently, the MS11-080 advisory caught our attention as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.

Advanced Windows Exploitation Updated

Wed, 12 Oct 2011 15:38:24 GMT

Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching with a start-date of October 24. Not only is the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training and a limited number of seats are still available for this intense course.

Metasploit: A Penetration Testers Guide

Tue, 12 Jul 2011 05:00:09 GMT

Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.

MSFU Updates – June 2011

Thu, 16 Jun 2011 13:14:23 GMT

Over this past month, we have put a great deal of time into bringing our free online course, Metasploit Unleashed in line with BackTrack 5. The majority of these changes are cosmetic in nature but they should help to reduce confusion for newcomers to Metasploit and BackTrack while ensuring a consistent look throughout. We have also taken this opportunity to do more functionality verification in the course.

MSFU Updates – May 2011

Mon, 16 May 2011 09:25:29 GMT

This month, even with the rampant development and release of BackTrack 5, we still devoted some time to updating Metasploit Unleashed. The Metasploit team is making a great deal of progress switching over to post-exploitation modules so we focused entirely on them this month and added many to the Metasploit Module Reference section.

MSFU Updates – April 2011

Mon, 18 Apr 2011 11:29:17 GMT

This past month has seen more additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. Also, with the Metasploit team moving away from meterpreter scripts in favor of post-exploitation modules, we have been updating the relevant sections of MSFU.

Discover your inner Pirate

Thu, 14 Apr 2011 11:33:06 GMT

For the last two years Offensive Security has been taking the live training market by storm with its flagship course, Pentesting with BackTrack. We are very excited to announce that the next PWB live training will be held in an exotic location the Caribbean island of St. Kitts and Nevis.

BackTrack 5 on a Motorola Xoom

Tue, 12 Apr 2011 16:33:34 GMT

In the past few days we have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom. The possibilities look exciting as we are slowly building several experimental arm packages. Our team does not have much experience with the Android OS nor ARM hardware, but so far – so good. We will not promise an ARM release on May 10th, as this new “experiment” was not planned in any way – but we’ll do our best.

MSFU Updates – March 2011

Tue, 15 Mar 2011 10:59:42 GMT

This past month has seen more additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. At the same time, we are still continuing to work through the course content to ensure that it is still all functional.

MSFU Updates – February 2011

Tue, 15 Feb 2011 09:05:34 GMT

This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. In addition, we are still continuing to work through the course content to ensure that it is still all functional.

MSFU Updates – January 2011

Mon, 17 Jan 2011 10:35:01 GMT

This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. The Metasploit team has been developing at a rapid pace with new features and modules being frequently added. We are also continuing to go through the course content itself and verify the functionality of the provided material.

The Art of Human Hacking

Sun, 19 Dec 2010 18:39:24 GMT

It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social engineering education. The CTF that we held at Defcon 18 proved beyond doubt that this resource was greatly required.

MSFU Updates – December 2010

Wed, 15 Dec 2010 09:50:55 GMT

This month we have again been steadily updating the Metasploit Module Reference section of Metasploit Unleashed and also added some great new content covering the setup and usage of databases with Metasploit under BackTrack4 R2. This month also saw the introduction of the excellent GUI front-end, Armitage.

Metasploit Pro Added to the PWB Labs

Mon, 13 Dec 2010 08:44:22 GMT

We are very happy to announce that our Penetration Testing with BackTrack online labs now include installations of Metasploit Pro. Deep within our lab network, students who Try Harder™ will encounter credentials for these installations that will allow them to enjoy the use of a tool that simplifies many of the tasks that they had to perform manually.

Godaddy Workspace XSS – Who’s your Daddy ?

Sat, 11 Dec 2010 11:12:27 GMT

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

Armitage in BackTrack 4 r2

Mon, 29 Nov 2010 14:43:23 GMT

A brief time ago, an exciting GUI front-end for Metasploit named Armitage was released. For being an initial release, Armitage is very polished and so we knew we had to add it to the BackTrack respositories.

Metasploit with MySQL in BackTrack 4 r2

Sun, 21 Nov 2010 22:42:56 GMT

Until the release of BackTrack 4 r2, it was possible to get Metasploit working with MYSQL but it was not an altogether seamless experience. Now, however, Metasploit and MYSQL work together “out of the box” so we thought it would be great to highlight the integration. With the Metasploit team moving away from sqlite3, it is vital to be able to make use of a properly threaded database. There have also been quite a number of additional database commands added to Metasploit and documentation tends to be rather sparse online when it comes to the less “glamorous” side of database management.

MSFU Updates – November 2010

Mon, 15 Nov 2010 17:33:58 GMT

This past month has been busy yet we have been steadily updating the free Metasploit Unleashed Training course with the largest growing area being the Module Reference section. This month has also seen updates to the Fast-Track and Social-Engineer Toolkit sections of the wiki.

Winamp 5.58 Exploit Development

Wed, 27 Oct 2010 14:31:21 GMT

The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 Exploit Development storming session – with some really cool results. In the end, they ended up writing a short assembly sequence to walk through the payload and replace bad characters with original shellcode bytes.

Adobe Shockwave player rcsL chunk memory corruption 0day

Thu, 21 Oct 2010 11:33:33 GMT

Adobe Shockwave player rcsL chunk memory corruption 0day demonstration and video

Metasploit Unleashed, Again!

Wed, 06 Oct 2010 22:46:14 GMT

Metasploit Unleashed – new wiki with updated materials

Metasploit Unleashed – Updates

Thu, 26 Aug 2010 14:25:59 GMT

Updates to the Metasploit Unleashed Free online Training course, by Offensive Security.

Metasploit 3.4 and SET 0.6.1 on iPhone 4

Sat, 07 Aug 2010 23:00:35 GMT

Installing metasploit and social engineering toolkit SET on iPhone 4

BlackHat, BackTrack and EDB Updates

Sat, 07 Aug 2010 14:09:06 GMT

Updates from BlackHat, BackTrack Exploit-Database, Social-engineer.org and more!

How to Update to BackTrack 2.6.34

Mon, 05 Jul 2010 10:38:02 GMT

Howto Update BackTrack to the latest Kernel 2.6.34

BackTrack ISO Kernel 2.6.34 Upgrade

Fri, 02 Jul 2010 10:53:41 GMT

BackTrack ISO Kernel 2.6.34 Upgrade

How to Hack your Way to BlackHat Vegas

Thu, 24 Jun 2010 10:02:02 GMT

Cyber Hacking Challenge – HSIYF 2 by Offensive Security

Penetration Testing Tools

Thu, 24 Jun 2010 10:00:29 GMT

Penetration Testing Tools for BackTrack 4 R1 – Submit your idea today!

Evocam Remote Buffer Overflow on OSX

Fri, 04 Jun 2010 11:38:41 GMT

A tutorial on the Evocam Remote Buffer Overflow on OSX 10.5.8

Hacking Challenge #2 – HSIYF for Charity

Wed, 26 May 2010 19:57:21 GMT

HFC Cyber Hacking Challenge – How strong is your Fu for charity?

BackTrack 4 R1 Dev Public Release

Mon, 10 May 2010 08:23:59 GMT

The best information security distribution for penetration testing and security audits. Help us test the R1 Development release.

BackTrack 4 Release 1 (R1 Dev)

Wed, 05 May 2010 11:03:52 GMT

The leading Information Security and Penetration Testing Distribution

Malicious Google Gadgets in Action

Mon, 03 May 2010 18:46:20 GMT

Malicious Google Gadgets in Action Video – by Offensive Security

Penetration Testing in the Real World

Tue, 27 Apr 2010 08:12:34 GMT

Penetration Testing video by Offensive Security – Real world scenario.

How Strong is Your Fu?

Tue, 20 Apr 2010 13:54:28 GMT

Offensive Security Holds first Hacking Tournament – How strong is Your Fu?

Return Oriented Exploitation (ROP)

Mon, 12 Apr 2010 18:53:06 GMT

For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

Mon, 05 Apr 2010 08:16:04 GMT

An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

Penetration Testing With BackTrack v.3.0 Alive!

Sat, 20 Mar 2010 20:00:57 GMT

The Online Security Training course – Penetration Testing with BackTrack – has been updated.

QuickZip Stack BOF : A box of chocolates – part 2

Mon, 15 Mar 2010 11:11:40 GMT

QuickZip stack overflow walkthrough part 2

PWB v3.0 – Offensive Security Online Training at its Best

Thu, 11 Mar 2010 19:10:38 GMT

Our flagship course, Penetration Testing with BackTrack is about to go to v3.0

QuickZip Stack BOF 0day: a box of chocolates

Sun, 07 Mar 2010 11:09:00 GMT

QuickZip stack overflow walkthrough part 1

PWB V.3.0 Available March 21st, 2010

Fri, 26 Feb 2010 16:25:56 GMT

Pentesting with BackTrack (PWB) version 3 available

Multiple Media Player HTTP DataHandler Overflow

Fri, 15 Jan 2010 11:55:22 GMT

Multiple Media Player HTTP DataHandler Overflow submitted to Exploit-db.

Pentesting With BackTrack v.3.0

Wed, 13 Jan 2010 15:14:52 GMT

Pentesting With BackTrack v.3.0

BackTrack 4 Final Release

Mon, 11 Jan 2010 15:21:23 GMT

BackTrack Linux version 4 released

Exploit-DB Updates

Thu, 03 Dec 2009 16:27:28 GMT

Exploit Database updated with OSVDB, CVE, Firefox toolbar and SVN functionality

Explo.it – The Day After

Tue, 17 Nov 2009 14:19:47 GMT

The Exploit Database now online.

Offensive Security Exploit Archive Online

Mon, 16 Nov 2009 11:40:42 GMT

Offensive Security Exploit Database, as well as Vulnerable applications is now Online

Metasploit Unleashed Back Online

Wed, 11 Nov 2009 18:08:41 GMT

Metasploit Unleashed Back Online

Offsec Web Server Hacked

Sun, 08 Nov 2009 21:58:06 GMT

Offsec web server hacked, detected, and stopped

Metasploit Rising

Wed, 21 Oct 2009 12:08:32 GMT

Metasploit purchased by Rapid7

Free Information Security Training By Offensive Security

Mon, 21 Sep 2009 16:57:13 GMT

We are finally ready to present the free information security training – Metasploit Unleashed (MSFU) – Mastering the Framework.

Sniffing DECT Phones – The Details

Thu, 17 Sep 2009 15:53:43 GMT

Sniffing DECT phones video demonstration

Sniffing DECT Phones with BackTrack

Thu, 10 Sep 2009 15:44:04 GMT

Sniffing DECT Phones with BackTrack

Metasploit Unleashed – Information Security Training at its best.

Tue, 08 Sep 2009 14:49:38 GMT

Metasploit Unleashed – Information Security Training at its best.

Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

Mon, 31 Aug 2009 20:05:14 GMT

Microsoft IIS FTP 5.0 remote SYSTEM exploit video demonstration

BackTrack 4 Pre Final Kernel Update

Sun, 30 Aug 2009 03:09:53 GMT

BackTrack 4 Pre Final kernel update

Kernel whoops in BackTrack 4

Sun, 16 Aug 2009 19:58:44 GMT

Linux Kernel ‘sock_sendpage()’ NULL Pointer Dereference vulnerability patched in BackTrack 4

Metasploit Unleashed – Mastering the Framework

Wed, 15 Jul 2009 23:22:35 GMT

Metasploit Unleashed – Mastering the Framework

Social Engineering Contest – Defcon 2009

Thu, 09 Jul 2009 00:57:25 GMT

Social Engineering Contest – Defcon 2009

BackTrack 4 Pre Final – Feel the pwnsauce!

Sat, 04 Jul 2009 02:54:01 GMT

BackTrack 4 Pre Final download statistics

Holy Crack!

Sat, 27 Jun 2009 06:36:45 GMT

BackTrack 4 CUDA password cracking guide

Installing VMWare Workstation 6.5.2 On BackTrack 4

Sat, 20 Jun 2009 04:43:10 GMT

Installing VMWare Workstation 6.5.2 On BackTrack 4

Keeping BackTrack up to Date

Sat, 20 Jun 2009 03:47:42 GMT

Keeping BackTrack up to Date

Installing BackTrack 4 as a VMware Guest

Fri, 19 Jun 2009 19:19:11 GMT

Installing BackTrack 4 as a VMware Guest

BackTrack 4 Pre Final – Public Release and Download

Fri, 19 Jun 2009 14:01:31 GMT

BackTrack 4 Pre Final public release, download, and getting started guide

ITunes Reloaded – Getting the Shell

Thu, 18 Jun 2009 07:30:48 GMT

Exploiting iTunes, part 2

ITunes Exploitation Case Study

Thu, 11 Jun 2009 18:57:20 GMT

ITunes Exploitation Case Study

CUDA and ATI Stream in BackTrack 4

Mon, 08 Jun 2009 04:03:27 GMT

CUDA and ATI Stream GPU password cracking in BackTrack 4

The Fingerprinting power in BackTrack4

Fri, 05 Jun 2009 13:45:21 GMT

BackTrack4 fprint configuration guide

Backtrack 4 Powered with CUDA

Fri, 05 Jun 2009 01:01:26 GMT

WPA Cracking with NVIDIA CUDA

Customizing the BackTrack 4 PreFinal ISO

Sun, 31 May 2009 23:11:27 GMT

Customizing the BackTrack 4 PreFinal ISO

Backtrack 4 Forensics Capabilities

Sun, 31 May 2009 02:51:17 GMT

Backtrack 4 Forensics Capabilities

BackTrack 4 Pre Final Sneak Peek

Tue, 26 May 2009 18:38:24 GMT

BackTrack 4 Pre Final Sneak Peek

BackTrack 4 Pre Final

Tue, 19 May 2009 17:53:56 GMT

There have been many changes introduced into BackTrack 4 – most notably, our move to an Ubuntu Intrepid base. We now maintain our own full repositories with modified Ubuntu packages in addition to our own penetration testing tools.