Offensive Security certifications are the most well-recognized and respected in the industry. Courses focus on real-world skills and applicability, preparing you for real-life challenges. Online, live, and in-house courses available.
We’ve got a bunch of exciting news, I’ll try to make this as short and concise as possible.
The guys from the Metasploit project have teamed up with Offensive Security to significantly expand our current Metasploit Unleashed public course. Work is underway!
Apropos MSFU, some statistics – over 3 million page views, 80k unique visitors and 58,000 password bruteforce attempts since the course is up.
BackTrack 4 development is going on strong,
Read More5M7X has completed his DECT write-up, and it rocks. As DECT phone manufacturers rarely give any indication about their phone encryption capabilities, the only reliable way to check the security of your phone is to test it yourself.
Read More
In conjunction with a team of social engineers, penetration testers and information security experts, www.social-engineer.org is opening its “virtual” doors today.
The team at Offensive Security has been working with many contributors and specialists to put together the Webs Official Framework for Social Engineering.
www.social-engineer.org will house an ever growing framework for social engineering as well tools, how-to’s, informational reviews and podcasts all geared at helping security minded professionals enhance their awareness and knowledge in the field of social engineering.
Read MoreBIG FAT HAIRY NOTE: IT IS ILLEGAL TO RECORD PHONE CONVERSATIONS IN MANY COUNTRIES. For a list of state privacy laws in the US, click here and here.
Thanks to 5m7x, dedected is soon to be added to the BackTrack repositories. In our internal tests, the standard AT&T cordless phone was found not to use encryption. The recording quality was phenomenal – you can find a copy of this recording here.
Read MoreThe “Metasploit Unleashed” online courseware is almost ready! We had several technical issues which delayed the release of the course by a couple of weeks. Here’s a quick teaser, showing some of the TOC.
We expect the online version to be released in a week or so, and the full set of videos be available for purchase at the end of the month.
Read MoreA remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, https://www.exploit-db.com/exploits/9541/
A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.
After a bit of tinkering around,
Read MoreWe have pushed a new kernel to the repository and updated several drivers. The upgrade process is a bit convoluted, but has been streamlined for the future. For now, run these commands from your backtrack box to update to the latest kernel and drivers:
apt-get update
apt-get install -d linux-image
cd /var/cache/apt/archives/
dpkg -i –force all linux-image-2.6.30.5_2.6.30.5-10.00.Custom_i386.deb
apt-get dist-upgrade
apt-get install madwifi-drivers
apt-get install r8187-drivers
After a reboot,
Read MoreThe latest Linux Kernel ‘sock_sendpage()’ NULL Pointer Dereference Vulnerability did not spare BackTrack 4 either. We’ve taken this opportunity to upgrade the BackTrack 4 kernel and include the required security patch.
The patched kernel source and image can be downloaded here :
BackTrack 4 Kernel Image (2.6.30.4)
BackTrack 4 Kernel Source (2.6.30.4)
*Links removed*
The repositories will be updated soon, to include additional drivers compiled against this kernel.
Read MoreThe Offensive Security Team along with several active community members, have been working diligently to bring you an in depth course on the Metasploit Framework – “Mastering the Framework” . This course will take you on a journey through the Metasploit Framework in full detail, and will include the latest MSF features such as:
Social Engineer your way to a free course!
DC718 and Telephreak are bringing Social Engineering back to Defcon.
Offensive Security has linked together with DC718, Telephreak, the contest/event Goons Pyr0 and Russr and www.social-engineer.org to have the best of the best to judge and help mold this contest into the display of the serious threat that still exists with this attack vector. For more information,
Read MoreTwo weeks later..
A wonderful BackTrack CUDA guide – showing some of the amazing CUDA tools included in BackTrack 4. MD4/MD5/NTLM hashes getting cracked at speeds of over 200M/s (million…two hundred of em…)
Check out the BackTrack 4 CUDA Guide by pure_hate
Read MoreAs usual, brand new kernel woes with VMware. Here’s a quick way to patch up VMware 6.5.2 to get the modules to compile. Start by downloading and installing VMWare Workstation 6.5.2.
Read More
Our BackTrack repositories keep getting updated with new tools, drivers etc. For example, we just added legacy madwifi-ng and r8187 injection capable drivers to the repository. You can follow these simple steps to add them to your iso, and keep it updated in general.
Read MoreAs we havn’t released a VMware image yet, and vmware-tools does not play nice with our 2.6.29.4 kernel, i thought i’de post a short how-to on getting VMware tools installed in BT4 as a VMware guest. I used VMware Workstation 6.5.2 to test this.
The BackTrack kernel sources are already in place, so all that’s left to do is install BackTrack in VMware and start the VMware tools install. BackTrack uses up around 5 GB once installed,
Read More
