OffSec | OffSec

Q4 Community Updates: Bridging the Diversity Gap, New Payment Plans, and Industry Events

Wrapping up 2022 with OffSec's Q4 community update! Find details about our latest community efforts, payment plans, live training, and much more.

#Updates

Exploit Database 2022 Update

We’re sharing some significant updates to Exploit Database, one of OffSec’s community projects.

#exploitdb #Updates

Staged Payloads from Kali Linux | PT Phone Home – PHP

Tristram shows you how to host a PHP web page on Kali Linux and how you can use it to stage payloads that are hidden behind a wall of conditional access requirements.

#exploit #php

See Yourself in Cyber with OffSec: Cloud Security

As part of Cybersecurity Awareness Month 2022, we share out insights on starting a career in cloud security, together with key skills, prerequisites, career outlook, and much more.

#learn fundamentals

See Yourself in Cyber with OffSec: Web Application Security

As part of Cybersecurity Awareness Month 2022, we share a complete guide to starting a career in web application security with insight into career outlook, essential skills, and much more.

#web-300

Q3 Community Update | OffSec Academy, New Content, Giving Program

Welcome to OffSec's Q3 community update! This post discusses the launch of our Giving Program, new content, OffSec Academy, and much more.

#Updates

See Yourself in Cyber with OffSec: Security Operations

As part of Cybersecurity Awareness Month 2022, we share a complete guide to starting a career in security operations and defense.

#soc-200

In the Hunt for the macOS AutoLogin Setup Process

OffSec's Csaba Fitzl shares how he reverse-engineered the macOS auto-login process, including the walls he hit, and the times he resorted to trial-and-error approaches.

#exploit #macOS

Staged Payloads from Kali Linux | PT Phone Home – DNS

In part one of this post, Tristram teaches you how to use TXT records to stage payloads that can be retrieved through DNS lookups.

The Importance of Skilled Security Practitioners: How Security Skillfulness Reflects on Your Security Posture

Read about how the skillfulness of your security practitioners can impact your overall cybersecurity program and posture.

Bypassing Intel CET with Counterfeit Objects

In this blog, we’ll briefly cover how CFI mitigations works, including CET, and how we can leverage COOP to effectively bypass Intel CET on the latest Windows releases.

Offensive Security Online Community BBQ Event

Join our OffSec bbq event for the chance to win some swag! Make your favorite bbq meal and share photos on Discord. Pic with the most yums will be the winner.

OSCP Bonus Points Update: Sunsetting PEN-200 Legacy Course Exercises and a New Way to Achieve Points!

Announcing changes to achieving OSCP Bonus Points and sunsetting of the PEN-200 legacy course exercises.

Introduction to Car Hacking: The CAN Bus

The CAN bus (Controller Area Network bus) is a central network that a vehicle communicates with its components. We can think of this in regard to the fact that the vehicle has many functions that operate via electrical signals. The car has door locks, a speedo