Kali NetHunter has been undergoing a ton of changes as of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), its amazing the extra capabilities that have been introduced.
But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!
For those planning on attending Black Hat in Las Vegas on August 3-8, come stop by our booth (#2604) in the Business Hall — which will be available August 7-8. Members from many different teams of OffSec will be there and would love to meet you! Rumors are swirling that we’ll also be handing out special Challenge Coins to visitors that Try Harder… so make sure to stop by.
In March we released the online version of Advanced Web Attacks and Exploitations (AWAE) to amazing customer response. Thank you to everyone that has taken the course! We really appreciate the kind words and reviews. Today, we are very pleased to announce the availability of the Offensive Security Web Expert (OSWE) certification.
Our Advanced Web Attacks and Exploitation (AWAE) live training course has been one of the fastest-selling classes at various industry events for years. The Black Hat classes perennially sell out in a matter of minutes, and every year we’re snowed under by demand from security professionals wondering when we’ll offer it online. For this reason, today we’re excited to announce AWAE is now available online…
Last week, an individual started to release solutions to certain challenges in the OSCP certification exam. This led to some discussion on Twitter and made it clear to us that there is a fair amount of misunderstanding about what’s on the exam, how we catch cheaters, how many people attempt to cheat, and what happens when they are discovered. In this post, we would like to shine some light on our certification process.
Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what they were supposed to do. The unfortunate reality is that cyberattacks are now a matter of ‘when’ and not ‘if’ for the average enterprise. Yet the landscape is changing and protecting your environment is actually getting more challenging not less.
Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today’s enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.
This being the case, I couldn’t be happier to join Offensive Security as the company’s next CEO.
Offensive Security is delighted to announce the complete redesign of The Exploit Database (EDB), making it easier and faster than ever to find the data you need and presenting it to you in a responsive dashboard layout.
It’s been a busy few months for us here, and for good reason. Today we are proud to announce our new partners at Offensive Security – Spectrum Equity.
When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification model in the field – “Hands-on, practical certification”. Twelve years later, these choices have paid off. The industry as a whole has realized that most of the multiple choice, technical certifications do not necessarily guarantee a candidate’s technical level…and for many in the offensive security field, the OSCP has turned into a golden industry standard. This has been wonderful for certification holders as they find themselves actively recruited by employers due to the fact that they have proven themselves as being able to stand up to the stress of a hard, 24-hour exam – and still deliver a quality report.
Recently, my manager purchased a Synology NAS device for me to do some backups. Since quite a few people I know use this particular NAS (including myself now), I decided to do a quick audit on it before integrating it into my lab environment. In this blog post, I will cover two different vulnerabilities patched by Synology.
Some time ago, we noticed some security researchers looking for critical vulnerabilities affecting “security” based products (such as antivirus) that can have a damaging impact to enterprise and desktop users. Take a stroll through the Google Project Zero bug tracker to see what we mean.
A few months ago, we decided to make a new module for our Advanced Windows Exploitation class. After evaluating a few options we chose to work with an Adobe Flash 1day vulnerability originally discovered by the Google Project Zero team. Since we did not have any previous experience with Flash internals, we expected a pretty steep learning curve.
Admittedly, somewhat of a click-bait blog post title – but bear with us, it’s for a good reason. Lots of work goes on behind the scenes of Kali Linux, tools get updated every day and interesting new features are added constantly. Most of these tool updates and feature additions go unannounced, and are then discovered by inquisitive users – however this time, we had to make an exception.
Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?
NOW AVAILABLE ONLINEAdvanced Web Attacks and Exploitation (AWAE)
You can now take OffSec's most popular in-person training as an online course.
 | PWK For those who need to acquaint themselves with the world of offensive information security. |
 | CTP In-depth examination of the vectors used by today’s attackers to breach infrastructure security. |
 | AWE Offensive Security’s most demanding and challenging Windows exploitation course. |
 | AWAE Take a deep dive deep into the realm of advanced web application penetration testing. |
 | Wi-Fu Learn to conduct effective attacks against wireless networks of varying configurations. |
MOST POPULAR
Certified Pentesting
Professional
OSCP
course starting at
$800 USD
Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.
Certified Pentesting
Expert
OSCE
course starting at
$1200 USD
Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.
NEW ONLINE VERSION
Certified Pentesting
Web Expert
OSWE
course starting at
$1400 USD
Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.
Certified Pentesting
Wireless Professional
OSWP
course starting at
$450 USD
Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.
Certified Exploitation
Expert
OSEE
course starting at
See
Live Schedule
Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.