Blog

What’s New at OffSec – May 2021

Discord Server Updates
Server Statistics

It’s been nearly a month since we’ve migrated the community from our Rocket.chat self-hosted platform to Discord.

Before Rocket.chat closed, we had roughly 8200 users with 200 concurrent online users at any point in time. Since we’ve migrated to Discord, we have already surpassed those numbers in just a month. As of the end of May , there are 10,597 registered users, with an average of 2800 online concurrent users.

Introduction of Recently Retired OSCP Exam Machines in PWK Labs

Students can now take advantage of their PWK Labs IT network, with the addition of 5 RECENTLY retired OSCP exam machines. Read on to learn more about why we’ve made these changes.

eXtended Flow Guard Under The Microscope

Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).

CVE-2021-1815 – macOS local privilege escalation via Preferences

Apple recently fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.

Intel CET In Action

In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.

Understanding the tools/scripts you use in a Pentest

In this blog post Offensive Security will explain why you should take the time to understand and learn about your tools before you run them.

What’s New for April 2021

We’re spilling the details! Find out what’s new and what’s coming with this monthly recap of what’s happening at Offensive Security.

The Broader Application of Pentesting Skills

Learn how the fundamental skills taught in Penetration Testing with Kali Linux (PWK) are applicable beyond a career in pentesting.

J3rryBl4nks’s PEN-300 Approach

OSCP holder J3rryBl4nks shares his thoughts on Offensive Security’s Evasion Techniques and Breaching Defenses course.

New Exploit Development Course: EXP-301

Get official answers to the most common questions about OffSec’s new Windows User Mode Exploit Development course and the OSED exam.

EVASION TECHNIQUES AND BREACHING DEFENSES (PEN-300) AND OSEP EXAM REVIEW

What do you need to know before taking Evasion Techniques and Breaching Defenses (PEN-300)? Nullg0re gives us his review on the new course.

OffSec 2020 Recap

Take a look back at 2020’s course launches and updates, and learn what to expect in 2021 with this year-end recap from Offensive Security.

Proving Grounds as a Recruitment Tool

Learn how Packetlabs used Offensive Security’s Proving Grounds solution to identify and hire top penetration testing talent.

Student Spotlight: Perseverance with Rana Khalil

OSCP holder Rana Khalil shares her journey to becoming a cybersecurity analyst and her thoughts on what it takes to succeed.

Microsoft Teams for macOS Local Privilege Escalation

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.

PEN-300 Frequently Asked Questions

Get official answers to the most common questions about OffSec’s new Evasion Techniques and Breaching Defenses course and the OSEP exam.

The Offsec Blog

News from behind the door.

What’s New at OffSec – May 2021

Introduction of Recently Retired OSCP Exam Machines in PWK Labs

eXtended Flow Guard Under The Microscope

CVE-2021-1815 – macOS local privilege escalation via Preferences

Intel CET In Action

Understanding the tools/scripts you use in a Pentest

What’s New for April 2021

The Broader Application of Pentesting Skills

J3rryBl4nks’s PEN-300 Approach

New Exploit Development Course: EXP-301

EVASION TECHNIQUES AND BREACHING DEFENSES (PEN-300) AND OSEP EXAM REVIEW

OffSec 2020 Recap

Proving Grounds as a Recruitment Tool

Student Spotlight: Perseverance with Rana Khalil

Microsoft Teams for macOS Local Privilege Escalation

PEN-300 Frequently Asked Questions

Courses and Certifications

Start Here

Penetration Testing with Kali Linux (PWK)

AdvancedFor Web

Advanced Web Attacks & Exploitation (AWAE)

AdvancedFor Pentest

Evasion Techniques and Breaching Defenses (PEN-300)

Network Security

Wireless Attacks(WiFu)

Expert Level ForExploit Developers

Advanced Windows Exploitation (AWE)

We provide the top Open Source penetration testing tools for infosec professionals.

News from behind the door.

Advanced
For Web

Advanced
For Pentest

Wireless Attacks
(WiFu)

Expert Level For
Exploit Developers