PWK: All New for 2020

Penetration Testing with Kali Linux (PWK) has gotten a massive overhaul for 2020. Find out what’s new in Offensive Security’s foundational pentesting course.

Read More

Try Harder: From Mantra to Mindset

Our community manager, Tony Punturiero, breaks down the meaning of Offensive Security’s legendary motto “Try Harder”, and how it can help jump start your cyber career.

Read More

Understanding the Fundamentals of Web Application Security

Web application security can be a rewarding career path. However, the web application security space, and cybersecurity industry as a whole, lives in a constant state of change. An unrelenting curiosity and passion for lifelong learning is mandatory for anyone seeking to specialize in this niche. Here are some fundamentals to help you pursue these skills.

Read More

Cybersecurity Awareness Month 2019

October is National Cybersecurity Awareness Month. It’s an effort to raise awareness about cybersecurity among those who aren’t typically aware or concerned. For those of us in the infosec industry, it’s a good reminder that we’re in a position to mentor those around us in having safer online lives.

In support of Cybersecurity Awareness Month 2019, we’ve gathered some basic resources you can share with friends and family outside infosec.

Read More

Analyzing a Creative Attack Chain Used to Compromise a Web Application

What if someone was able to access and steal your company’s intellectual property or customer data? These are the types of concerns Chief Information Security Officers lose sleep over. Despite conducting frequent and independent security audits, even the most security focused organizations can remain susceptible to the latest vulnerabilities and attacks.

Today, most organizations handle sensitive personal and business data in web based applications, and as a result, allocating resources towards vulnerability mitigation isn’t a choice anymore, it’s a must.

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

Read More

5 Best Practices for Web Application Security

When it comes to web application security, there are many measures you can implement to reduce the chances of an intruder stealing sensitive data, injecting malware into a webpage, or public defacement. As more and more organizations transition their business operations to web applications, security in the development process can no longer be an afterthought. Whether it’s a code injection, privilege escalation, DDoS attack, or a vulnerable element, bad actors are constantly looking for creative ways to manipulate exploits for personal gain.

We’ve rounded up our top five (5) best practices to help you fortify your application security.

Read More

BlackHat 2019 Recap

BlackHat has always been one of our favorite industry conferences. Although OffSec has been providing educational workshops for years at BlackHat, this was our first year holding an official booth. The booth was a major hit, as we had the opportunity to chat with long-time Offensive Security alumni and also meet some new faces…

Did you attend one our BlackHat workshops or stop by the OffSec booth? If so, we’d love to hear about your experience and any feedback you might have — tag us on Twitter @OffSecTraining!

Read More

Sitting down with OffSec’s new community manager, Tony Punturiero

Our team is super excited to welcome Tony Punturiero, founding member and moderator of NetSecFocus, as Offensive Security’s new community manager. Some of you may know Tony already, as he’s been a knowledgeable InfoSec community member long before he officially joined us.

As community manager, Tony will ensure that OffSec does an even better job of communicating with our customers, listening to feedback, and advocating internally as the voice of our customers.

Read More