Offensive Security Blog

  • Kai Linux Galaxy Note 10.1

    Kali Linux on a Galaxy Note 10.1

    Here at Offsec, we love playing with hardware. Be it something like the Onity Hotel Door Unlocker, a Teensy USB HID attack payload, or RFID hacks – if it’s shiny, we like it. While we were in the last stages of developing Kali Linux, we made the effort to to get Kali working on some ARM hardware, such as the Samsung Chromebook, Odroid U2, Raspberry Pi and RK3306 devices such as the SS808, and then contributed these to the community as “Unofficial Trusted Images”, together with the Official Kali Linux downloads.

    Read More →
  • Kali New Dawn Blog

    Kali Linux Has Been Released!

    Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.

    Read More →
  • Vienna 2013

    Advanced Windows Exploitation Vienna

    The Advanced Windows Exploitation (AWE) class in Vienna is coming up quick! This will be our first time teaching the class outside of the US and is the only public planned AWE this year outside of BlackHat Vegas. We have secured a beautiful facility on the 24th floor of the Millennium Tower on the Vienna waterfront, and still have a couple of seats left open. So if you are interested in coming now is the time to take action!

    Read More →
  • Kali Linux Offsec Blog

    BackTrack Reborn – Kali Linux

    It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all these new goals without a massive restructure, so, we massively restructured and “Kali” was born. We’ve also posted a Kali Linux teaser on the BackTrack Linux site – and that’s all we’ll say for now…

    Read More →
  • Yahoo Owned Xss 0day

    Yahoo DOM XSS 0day – Not fixed yet!

    After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo’s fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account. The victim has to be lured to click a link which contains malicious XSS code for the attack to succeed. This can demonstrated by the video we have created just this morning (Jan 8th, 2013) after Shahin kindly shared proof of concept code with us.

    Read More →
  • Aix Shellcode Feature

    Fun with AIX Shellcode and Metasploit

    In one of our recent pentests, we discovered an 0day for a custom C application server running on the AIX Operating System. After debugging the crash, we discovered that the bug could lead to remote code execution and since we don’t deal very often with AIX exploitation, we decided to write an exploit for it. The first steps were accomplished pretty quickly and we successfully diverted the execution flow by jumping to a controlled buffer. At this point, we thought we could easily generate some shellcode from MSF and enjoy our remote shell.

    Read More →
  • Ca Int3

    CA ARCserve – CVE-2012-2971

    On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most “good” enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.

    Read More →
  • Awe Vienna March 20131

    AWE is Going to Vienna, Austria

    Join us for a mind-blowing experience in a city known for its dynamic history and contemporary design, Vienna, Austria. For the first time in Europe we are holding our most intense live training course, Advanced Windows Exploitation (AWE). Be prepared to be challenged beyond your limits!

    Read More →
  • 001 Parts1

    Onity Door Unlocker, Round Two.

    On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the James bond type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker. Pro Tip: Connecting a 9v battery with the wrong polarity to an Arduino Mini Pro will make pretty sparks.

    Read More →
  • Rfid Harvester

    Stand-Alone EM4x RFID Harvester

    Continuing off from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst “rubbing elbows” with company personell. The proxmark3 seemed liked an overkill and not particularly fast at reading em4x tags so we figured we’de try hooking up our RoboticsConnection RFID reader to a Teensy and see if we could make them play nicely together.

    Read More →
Page 3 of 15«12345»10...Last »