Author Archive

BT4, Adobe 0days and other updates

We are very close to a final release of BT4. We are working vigorously in these final days… So far its looking AMAZING, and we are loving every little bit of it. For those who missed it, Metasploit got updated with a brand new shiny Adobe 0day.

Read More

Exploit-DB Updates

Lots of new updates in the exploit-db arena. Barabas whipped up a quick browser search bar plugin. We got a massive CVE / OSVDB entry update from Steve Tornio which was added to our DB. Our “perfect” exploit template now has links to the exploit code, vulnerable app , CVE…

Read More

Explo.it – The Day After

The Exploit Database is up and running…survived day 1 . On a last moment fluke, we registered the domain https://www.exploit-db.com/, which is now also up and running. We’ve improved the search functions on the site, and imported the “papers” and “shellcode” sections from Milw0rm. We’ve been getting our first submissions…

Read More

Offensive Security Exploit Archive Online

After a short and intense setup, we are ready to present the Offsec Exploit Archive. We’ve recreated the milw0rm database, updated it and are now accepting submissions. The purpose of the site is to provide researchers and security enthusiasts a repository of exploits, and when possible, the relevant affected software….

Read More

Metasploit Unleashed Back Online

Just a quick note  – the Metasploit Unleashed Wiki is back online, patched cleaned and secured. The Offsec Exploit database will be online by the end of the week. Stay tuned!

Read More

Offsec Web Server Hacked

For the past couple of weeks we have been watching escalating DOS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the…

Read More

Offensive Security Exploit Archive

For the past few months, Offensive Security has been working with additional exploit addicts (Rel1k) at maintaining the integrity of the Milw0rm exploit archive. For those who don’t know, Milw0rm has been dormant in the past few weeks, for reasons which remain with str0ke (he is alive, healthy and well…

Read More

Metasploit Rising

The Framework that we all know and love is about to take a massive leap into the future.   The MSF crew as well as the MSF itself has been placed under Rapid 7’s corporate umbrella. The framework will continue to be free, running under the BSD license. We expect…

Read More

News and Updates

We’ve got a bunch of exciting news, I’ll try to make this as short and concise as possible. The guys from the Metasploit project have teamed up with Offensive Security to significantly expand our current Metasploit Unleashed public course. Work is underway! Apropos MSFU, some statistics – over 3 million…

Read More

Free Online Information Security Training By Offensive Security

Free Online Security Training We are finally ready to present the free information security training – Metasploit Unleashed – Mastering the Framework. This resource will be a living, breathing Metasploit documentation entity. We will keep on updating and adding new modules and chapters as the MSF evolves. For a long…

Read More

Sniffing DECT Phones – The Details

5M7X has completed his DECT write-up, and it rocks. As DECT phone manufacturers rarely give any indication about their phone encryption capabilities, the only reliable way to check the security of your phone is to test it yourself.

Read More

Social Engineering at its best

In conjunction with a team of social engineers, penetration testers and information security experts, www.social-engineer.org is opening its “virtual” doors today. The team at Offensive Security has been working with many contributors and specialists to put together the Webs Official Framework for Social Engineering. www.social-engineer.org will house an ever growing…

Read More

Sniffing DECT Phones with BackTrack

BIG FAT HAIRY NOTE: IT IS ILLEGAL TO RECORD PHONE CONVERSATIONS IN MANY COUNTRIES. For a list of state privacy laws in the US, click here and here. Thanks to 5m7x, dedected is soon to be added to the BackTrack repositories. In our internal tests, the standard AT&T cordless phone…

Read More

Metasploit Unleashed – Information Security Training at its best.

The “Metasploit Unleashed” online courseware is almost ready! We had several technical issues which delayed the release of the course by a couple of weeks. Here’s a quick teaser, showing some of the TOC. We expect the online version to be released in a week or so, and the full…

Read More

Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the…

Read More