Author Archive


Booting Kali Linux Live Over HTTP

Kali Linux Features

Here at Offensive Security, we tend to use Kali Linux in unconventional ways – often making use of some really amazing features that Kali Linux has to offer. One of these interesting use-cases includes booting instances of Kali Linux Live over HTTP, directly to RAM. We realized…


NetHunter 1.2 – Lollipop & Nexus 6/9

NetHunter 1.2 Released! Kali NetHunter 1.2 is fresh out, with a whole bunch of improvements, bug fixes… and yes, Android Lollipop support. This means that NetHunter now supports the Nexus 6 and Nexus 9 devices too! This is awesome news to all those who have bought these new Nexus devices and have…

Offensive Security - Raspberry Pi with LUKS

Kali Linux on a Raspberry Pi (A/B+/2) with Disk Encryption

With the advent of smaller, faster ARM hardware such as the new Raspberry Pi 2 (which now has a Kali image built for it), we’ve been seeing more and more use of these small devices as “throw-away hackboxes“. While this might be a new and novel technology, there’s one major drawback to this concept – and that is the confidentiality of the data stored on the device itself. Most of the setups we’ve seen do little to protect the sensitive information saved on the SD cards of these little computers.


Bypassing Windows and OSX Logins with NetHunter & Kon-boot

The Kali Linux NetHunter platform has many hidden features which we still haven’t brought to light. One of them is the DriveDroid application and patch set, which have been implemented in NetHunter since v1.0.2. This tool allows us to have NetHunter emulate a bootable ISO or USB, using images of our choosing. That’s right, you can use NetHunter as a boot device which holds a library of bootable ISOs and images… And so we begin:

Symantec Endpoint Protection: Privilege Escalation

Symantec Endpoint Protection 0day

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.


Disarming Enhanced Mitigation Experience Toolkit (EMET)

With the emergence of recent Internet Explorer vulnerabilities, we’ve been seeing a trend of EMET recommendations as a path to increasing application security. A layered defense is always helpful as it increases the obstacles in the path of an attacker. However, we were wondering: how much does it really benefit? How much harder does an attacker have to work to bypass these additional protections? With that in mind, we started a deep dive into EMET.


PWB in the Caribbean, Part 1

Quite often, people tend to wonder what it’s like to experience an Offensive Security live training course. At our most recent live Pentesting with BackTrack course in St. Kitts, we had Johnny Long of Hackers for Charity in attendance, and he was good enough to keep a journal of his experiences during the course.


Metasploit: A Penetration Testers Guide

Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – a new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts).


Discover your inner Pirate

For the last two years, Offensive Security has been taking the live training market by storm with its flagship course, Pentesting with BackTrack. We are very excited to announce that the next PWB live training will be held in an exotic location: the Caribbean island of St. Kitts and Nevis…


BackTrack 5 on a Motorola Xoom

In the past few days we have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom. The possibilities look exciting as we are slowly building several experimental arm packages. Our team does not have much experience…


The Schmooze Strikes Back

The Social Engineering Defcon 19 CTF

For the last 2 years now, Social-Engineer.Org’s mission has been to raise awareness for social engineering. Security technology has not been able to stop the advances of attackers leveraging social engineering techniques in order to gain unauthorized access to global organizations and Fortune 500…


Live Training Spring 2011

In our spring tradition of live training, we are happy to announce our official April 2011 Pentesting With BackTrack course in Columbia, MD. As usual, we are keeping our classes small, so if you are interested, sign up as soon as possible before we are full.


DerbyCon Security Conference 2011

We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville, Kentucky. Our goal is to bring back an old-style, community-driven hacker con chock-full of amazing talks, live events and all-around fun. The idea for DerbyCon…


Internet Explorer CSS 0day on Windows 7

A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. There doesn’t seem to be a lot of discussion going around this exploit, however…


Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to an unsuspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire your session information and log in to the account with no credentials. All Godaddy workspace users, ph33r.
