How to Update to BackTrack 2.6.34

Several people have been asking for instructions on updating hard drive installs of BackTrack – here’s a quick set of commands to upgrade your BackTrack machine – and prepare the kernel sources – for example VMWare tools or VirtualBox tools kernel module compilations.

Read More

BackTrack ISO Kernel 2.6.34 Upgrade

Last night we moved a new kernel package (2.6.34) out of the testing repositories, and into the official ones. This kernel update marks a huge improvement in hardware support and desktop responsiveness. In addition to the kernel, we have added several external wireless drivers – madwifi-ng (ath_pci), broadcom-sta (wl, no injection), r8187 drivers and rt73 k2wrlz drivers.

Read More

BackTrack 5 and Exploit-DB Updates

Exciting times here at Offensive Security. Two of our most major projects are off to new and amazing directions – BackTrack and the Exploit Database. The BackTrack development team is now officially funded by Offensive Security, bringing a new era of a high quality penetration testing distribution. In addition, the EDB has started a new R&D initiative which will result in some interesting blog posts.

Read More

How to Hack your Way to BlackHat Vegas

This past weekend Offensive Security ran its second cyber hacking challenge, “How Strong is Your Fu – Hacking for Charity“. We first separated the contestants into groups of 10 and each had 48 hours to hack into our 5 evil machines that were conjured up by the VM gremlins of the Offensive Security Team.

Read More

Penetration Testing Tools

We are coming close to a public release of BackTrack R1 – the world’s leading penetration testing distribution. We wanted to provide an opportunity for our users to make last suggestions for tools which are currently NOT present , but should be included. Please use the following form to submit your suggestions to our development team.

Read More

Evocam Remote Buffer Overflow on OSX

This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses, and working on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDBG debugger.

Read More

How Strong Is Your Schmooze ?

Are you looking for a real Social Engineering CTF challenge? Join Social-Engineer.Org and Offensive Security in the Official Social Engineering CTF hosted at Defcon 18.

Read More

BackTrack 4 Release 1 (R1 Dev)

The release of BackTrack 4 unleashed a whirlwind of over 1 million downloads. Information Security specialists and Penetration Testers from all over the world showing their support and love for the product that has become the #1 Penetration Testing Distribution.

Read More

Malicious Google Gadgets in Action

Malicious Google WidgetA new report by emgent shows malicious Google Gadgets in action. The vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization. The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponised to great Malicious Google Gadget worms.
When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.

Read More

How Strong is Your Fu?

We are happy to announce our first Public Hacking Tournament, labeled “How strong is Your Fu?“. The Hacking Tournament will last for two days, and may go on longer, depending on how long our machines survive. The reward ? The winner of the tournament will be able to choose ONE of our Online courses, free of charge. This could be either PWB, WiFu or CTP (30 day labs where relevant).
Registration for the contest,

… Read more »

Read More

How to choose your Information Security Training

In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information Security Training arena, where standards and qualifications are weakly defined. So how can you make sure you’re getting your money’s worth ?

Welcome to our “10 questions you should be asking your Information Security Training Provider“.

… Read more »

Read More

Return Oriented Exploitation (ROP)

For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.

Read More