Offensive Security Blog

  • Msf Updated Offsec

    MSFU Updates – February 2011

    This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. In addition, we are still continuing to work through the course content to ensure that it is still all functional.

    Read More →
  • Msf Updated Offsec

    MSFU Updates – January 2011

    This past month has seen a number of additions to our free Metasploit Unleashed training course, primarily in our on-going effort to build out the Metasploit Module Reference section. The Metasploit team has been developing at a rapid pace with new features and modules being frequently added. We are also continuing to go through the course content itself and verify the functionality of the provided material.

    Read More →
  • Derbycon Offsec Blog

    DerbyCon Security Conference 2011

    We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around …

    Read More →
  • Ie 0day Css Blog

    Internet Explorer CSS 0day on Windows 7

    A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging  – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. http://vimeo.com/18023495 There doesn’t seem to be a lot of …

    Read More →
  • Sebook Offsec

    The Art of Human Hacking

    It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea ­ to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social …

    Read More →
  • Msf Updated Offsec

    MSFU Updates – December 2010

    This month we have again been steadily updating the Metasploit Module Reference section of Metasploit Unleashed and also added some great new content covering the setup and usage of databases with Metasploit under BackTrack4 R2. This month also saw the introduction of the excellent GUI front-end, Armitage.

    Read More →
  • 08 More Sessions

    Metasploit Pro Added to the PWB Labs

    We are very happy to announce that our Penetration Testing with BackTrack online labs now include installations of Metasploit Pro. Deep within our lab network, students who Try Harder will encounter credentials for these installations that will allow them to enjoy the use of a tool that simplifies many of the tasks that they had to perform manually.

    Read More →
  • Godaddy Xss

    Godaddy Workspace XSS – Who’s your Daddy ?

    An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

    In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire a your session information and log to the account with no credentials.All Godaddy workspace users, ph33r.

    Read More →
  • 1 Shell

    Armitage in BackTrack 4 r2

    A brief time ago, an exciting GUI front-end for Metasploit named Armitage was released. For being an initial release, Armitage is very polished and so we knew we had to add it to the BackTrack respositories.

    Read More →
  • Metasploit with MYSQL in BackTrack 4 r2

    Until the release of BackTrack 4 r2, it was possible to get Metasploit working with MYSQL but it was not an altogether seamless experience. Now, however, Metasploit and MYSQL work together “out of the box” so we thought it would be great to highlight the integration. With the Metasploit team moving away from sqlite3, it is vital to be able to make use of a properly threaded database. There have also been quite a number of additional database commands added to Metasploit and documentation tends to be rather sparse online when it comes to the less “glamorous” side of database management.

    Read More →
Page 7 of 15« First...«56789»10...Last »