Offensive Security Blog
MSFU Updates – March 2011
This past month has seen more additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. At the same time, we are still continuing to work through the course content to ensure that it is still all functional.
Read More →
Live Training Spring 2011
In our spring tradition of live training we are happy to announce our official April 2011 Pentesting With BackTrack course in Columbia, MD. As usual we are keeping our classes small so if you are interested sign up as soon as possible before we are …
Read More →MSFU Updates – February 2011
This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. In addition, we are still continuing to work through the course content to ensure that it is still all functional.
Read More →MSFU Updates – January 2011
This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. The Metasploit team has been developing at a rapid pace with new features and modules being frequently added. We are also continuing to go through the course content itself and verify the functionality of the provided material.
Read More →
DerbyCon Security Conference 2011
We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around …
Read More →
Internet Explorer CSS 0day on Windows 7
A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. http://vimeo.com/18023495 There doesn’t seem to be a lot of …
Read More →
The Art of Human Hacking
It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social …
Read More →MSFU Updates – December 2010
This month we have again been steadily updating the Metasploit Module Reference section of Metasploit Unleashed and also added some great new content covering the setup and usage of databases with Metasploit under BackTrack4 R2. This month also saw the introduction of the excellent GUI front-end, Armitage.
Read More →
Metasploit Pro Added to the PWB Labs
We are very happy to announce that our Penetration Testing with BackTrack online labs now include installations of Metasploit Pro. Deep within our lab network, students who Try Harder will encounter credentials for these installations that will allow them to enjoy the use of a tool that simplifies many of the tasks that they had to perform manually.
Read More →
Godaddy Workspace XSS – Who’s your Daddy ?
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire a your session information and log to the account with no credentials.All Godaddy workspace users, ph33r.
Read More →