Customizing Kali Linux
One of the designers on the Kali Linux team shares his top tips and tools to customize Kali Linux. Dig in under the hood with Daniel Ruiz de Alegría.
Read MoreAttacking the Web: The Offensive Security Way
OffSec student 0xklaue wrote this review of Advanced Web Attacks and Exploitation and the OSWE exam. Find out how to prepare and what you need to know.
Read MorePlaybook for Running a Global Work-from-Home Company
With people located in over 24 countries, we’ve been working from our homes since our founding in 2006. Here’s five tips on how to run a distributed team effectively.
Read MoreInformation Security Training Paths at OffSec
Find out where to start with OffSec’s information security training courses. We outline our learning paths to certification and career development.
Read MorePWK & OSCP Frequently Asked Questions
Get official answers to the most common questions about Penetration Testing with Kali Linux and the OSCP exam. Learn about requirements, prep, and more.
Read MorePWK: All New for 2020
Penetration Testing with Kali Linux (PWK) has gotten a massive overhaul for 2020. Find out what’s new in Offensive Security’s foundational pentesting course.
Read MoreStudent Spotlight: Mindset and Community with Suhyun Smith, OSCP
Learn how dedication, mindset, and community empowered Suhyun Smith in her OSCP certification journey, and get her tips for success.
Read MoreStudent Spotlight: Meet Mihai, a 16 year old OSCP holder
Meet Mihai, a 16 year old OSCP holder and PWK graduate out of Romania. Read more about his tremendous start and journey into infosec.
Read MoreStudent Spotlight: Flood Survivor and OSCP Graduate
OffSec student Christopher M Downs takes trying harder to another level: completing (and passing) his OSCP exam in the middle of a New Orleans flood. Read more about Christopher’s inspiring journey.
Read MoreTry Harder: From Mantra to Mindset
Our community manager, Tony Punturiero, breaks down the meaning of Offensive Security’s legendary motto “Try Harder”, and how it can help jump start your cyber career.
Read MoreMy OSCP Guide: A Philosophical Approach
Samuel Whang, a PWK graduate, details his recommendations and a unique philosophical approach for those looking to pursue their OSCP.
This article originally appeared on Sep 24, 2019, posted by Samuel Whang. It has been posted with minor edits, with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818
Read MoreUnderstanding the Fundamentals of Web Application Security
Web application security can be a rewarding career path. However, the web application security space, and cybersecurity industry as a whole, lives in a constant state of change. An unrelenting curiosity and passion for lifelong learning is mandatory for anyone seeking to specialize in this niche. Here are some fundamentals to help you pursue these skills.
Read MoreCybersecurity Awareness Month 2019
October is National Cybersecurity Awareness Month. It’s an effort to raise awareness about cybersecurity among those who aren’t typically aware or concerned. For those of us in the infosec industry, it’s a good reminder that we’re in a position to mentor those around us in having safer online lives.
In support of Cybersecurity Awareness Month 2019, we’ve gathered some basic resources you can share with friends and family outside infosec.
Read MoreMeet Csaba Fitzl, Student Graduate of Every Offensive Security Course
Only a handful of students in Offensive Security history have ever completed all of our available courses. Considering the wide range of module topics and the high difficulty level that comes with each course, it’s a monumental accomplishment.
Meet Csaba Fitzl, a seasoned penetration tester and graduate of all five Offensive Security courses.
Read MoreAnalyzing a Creative Attack Chain Used to Compromise a Web Application
What if someone was able to access and steal your company’s intellectual property or customer data? These are the types of concerns Chief Information Security Officers lose sleep over. Despite conducting frequent and independent security audits, even the most security focused organizations can remain susceptible to the latest vulnerabilities and attacks.
Today, most organizations handle sensitive personal and business data in web based applications, and as a result, allocating resources towards vulnerability mitigation isn’t a choice anymore, it’s a must.
In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).
Read More5 Best Practices for Web Application Security
When it comes to web application security, there are many measures you can implement to reduce the chances of an intruder stealing sensitive data, injecting malware into a webpage, or public defacement. As more and more organizations transition their business operations to web applications, security in the development process can no longer be an afterthought. Whether it’s a code injection, privilege escalation, DDoS attack, or a vulnerable element, bad actors are constantly looking for creative ways to manipulate exploits for personal gain.
We’ve rounded up our top five (5) best practices to help you fortify your application security.
Read More