Author Archive

exploit-iPad6

Offsec Exploit Weekend

Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all your hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.

Read More
Winamp 5.58 Exploit Development

Winamp 5.58 Exploit Development

The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 Exploit Development storming session – with some really cool results. In the end, they ended up writing a short assembly sequence to walk through the payload and replace bad characters with original shellcode bytes. Read more – Winamp 5.58 from Dos to Code Execution

Read More
Adobe Shockwave player rcsL chunk memory corruption 0day

Adobe Shockwave player rcsL chunk memory corruption 0day

It’s not often we wake up and find a massive 0day submitted to the Exploit Database – but today was different. Abysssec security released an Adobe Shockwave player 0day. We verified the exploit as part as our verification process in the Exploit database and made a short movie to demonstrate the the vulnerability.

Read More
pwb-3-offsec

Penetration Testing with BackTrack – Live Training

Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.

Read More
MSFU Updates

Metasploit Unleashed – Updates

Once again, we have a few exciting updates we would like to inform you about. First and foremost, our Metasploit Unleashed Free Training course is going through a major overhaul, and will be updated and maintained on a monthly basis. You can expect a whole lot of new content being added onto the Metasploit Unleashed Wiki in the next few months.

Read More
Microsoft DLL Hijacking Exploit in Action

Microsoft DLL Hijacking Exploit in Action

The “new” Insecure Library Loading vulnerability (2269637) in action… The Metasploit team has added a exploit module for this vulnerability. Check it out.

Read More
poster-dark1-thumb

Security Awareness Training – A New Era

Each year companies lose millions in security breaches. High quality Information Security Awareness is probably one of the most important remedies for these attacks. For a long time we have held to the thought that the human element is the weakest link in the chain, and the Social Engineering Contest at Defcon 18 really drove the point through.

Read More
Metasploit 3.4 and SET 0.6.1 on iPhone 4

Metasploit 3.4 and SET 0.6.1 on iPhone 4

Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET. You need to have a Jailbroken iPhone with SSH access for this. You will also need to install nano and APT 0.7 Strict via Cydia. Unlike all other major revisions of Cydia, getting everything up and running is a breeze now.

Read More
r1-release-offsec-blog

BlackHat, BackTrack and EDB Updates

The Offsec crew is back from BlackHat and Defcon, alive and well. The PWB and AWE trainings were a blast and the crowd was awesome. The BackTrack R1 BlackHat edition release went well, with over 5500 DVDs distributed. We thank everyone who came to our booth – it was nice to put a face to some of those names…

Read More
BT-R1-Blog-offsec

BackTrack 4 R1 BlackHat Edition

The time is again upon us for the years biggest security conference event – Black Hat Vegas, USA. The folks at Black Hat have prepared a stellar week of great trainings and cutting edge briefings.

Read More
Upcoming Courses and Security Training

Upcoming Courses and Security Training

BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.

Read More

PWB V.3.0 Available March 21st, 2010

The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course.  On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever. With new modules, more in depth…

Read More

Multiple Media Player HTTP DataHandler Overflow

We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads: “There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings…

Read More

Pentesting With BackTrack v.3.0

BackTrack 4 Downloads are still going strong with over 30,000 registered downloads up to now. We are currently working on updating our new course materials based on BackTrack 4. We expect the new version to be available soon. As always, alumni students will be able to upgrade their version of…

Read More

BackTrack 4 Final Release

Taken  from the new BackTrack Site : BackTrack 4 Final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of abeta last year, we decided to hold off on releasing BackTrack 4 Final…

Read More