BackTrack 4 R1 Dev Public Release
As promised, we are releasing a BackTrack 4 R1 information security and penetration testing development build to the public for hardware testing.
Read MoreBackTrack 4 Release 1 (R1 Dev)
The release of BackTrack 4 unleashed a whirlwind of over 1 million downloads. Information Security specialists and Penetration Testers from all over the world showing their support and love for the product that has become the #1 Penetration Testing Distribution.
Read MoreMalicious Google Gadgets in Action
A new report by emgent shows malicious Google Gadgets in action. The vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization. The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponised to great Malicious Google Gadget worms.
When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.
How Strong is Your Fu?
We are happy to announce our first Public Hacking Tournament, labeled “How strong is Your Fu?“. The Hacking Tournament will last for two days, and may go on longer, depending on how long our machines survive. The reward ? The winner of the tournament will be able to choose ONE of our Online courses, free of charge. This could be either PWB, WiFu or CTP (30 day labs where relevant).
Registration for the contest,
How to choose your Information Security Training
In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information Security Training arena, where standards and qualifications are weakly defined. So how can you make sure you’re getting your money’s worth ?
Welcome to our “10 questions you should be asking your Information Security Training Provider“.
Read MoreReturn Oriented Exploitation (ROP)
For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.
Read MorePHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.
Read MoreUpcoming Courses and Security Training
BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.
Read MorePenetration Testing With BackTrack v.3.0 Alive!
Penetration Testing with BackTrack v3.0 now available and better than ever!
Read MoreQuickZip Stack BOF : A box of chocolates – part 2
Today (as promised in part 1 of the QuickZip Stack BOF exploit write-up), I will explain how to build the exploit for the quickzip vulnerability using a pop pop ret pointer from an OS dll.
At the end of part 1, I challenged you, the Offensive Security Blog reader, to try to build this exploit (using a ppr pointer from an OS dll) yourself (try hard) and to contact me if you were able to complete the exercise.
Read MorePWB v3.0 – Offensive Security Online Training at its Best
Penetration Testing with BackTrack updates
Read MoreQuickZip Stack BOF 0day: a box of chocolates
A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files. After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file structure), I found a way to make the application crash and overwrite a exception handler structure.
In this article, I will explain the steps I took to build an exploit for this bug.
Read MorePWB V.3.0 Available March 21st, 2010
The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course. On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever.
With new modules, more in depth explanations and a new rich lab environment, this will prove to be a very exciting release. We are opening up early registration for those interested in signing up now.
Read MoreMultiple Media Player HTTP DataHandler Overflow
We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads:
“There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue.
Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file.
Read MorePentesting With BackTrack v.3.0
BackTrack 4 Downloads are still going strong with over 30,000 registered downloads up to now. We are currently working on updating our new course materials based on BackTrack 4. We expect the new version to be available soon.
As always, alumni students will be able to upgrade their version of PWB. The upgrade fee will (as usual) be the difference between the current price and new one. No, we don’t have pricing information at this point!
Read More