The Offensive Security Blog

Stay up-to-date with the latest news and updates by subscribing to our RSS feed!

Blog Posts and Recent News from Offensive Security

Try Harder – stay up-to-date with the latest Offensive Security News and Kali updates by subscribing to our RSS feed!

Offensive Security penetration testing articles about our online training courses, Kali Linux development, exploit research and security services.

NetHunter 1.0.2 Released!

Disarming EMET v5.0

In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general overview of the EMET 5 technical preview has been recently published here.

Read More
Symantec Endpoint Protection: Privilege Escalation

Symantec Endpoint Protection 0day

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

Read More
Disarming Enhanced Mitigation Experience Toolkit

Disarming Enhanced Mitigation Experience Toolkit (EMET)

With the emergence of recent Internet Explorer Vulnerabilities, we’ve been seeing a trend of EMET recommendations as a path to increasing application security. A layered defense is always helpful as it increases the obstacles in the path of an attacker. However, we were wondering how much does it really benefit? How much harder does an attacker have to work to bypass these additional protections? With that in mind, we started a deep dive into EMET.

Read More
Kali Evil Access Point

Kali Linux Evil Wireless Access Point

A few days ago, we had the opportunity to deploy a rogue access point that would steal user credentials using a fake, captive web portal, and provide MITM’d Internet services via 3G. We needed reliability and scalability in our environment as there would potentially be a large amount of, erm….”participants” in this wireless network. We were pretty happy with the result and quickly realized that we had created a new “Kali Linux recipe”. Or in other words, we could create a custom, bootable wireless evil access point image, which could do all sorts of wondrous things.

Read More
A Penetration Testing Platform Explored

Announcing the Kali Linux Dojo

For the past 6 months, we’ve been busy silently developing an advanced Kali Linux course the likes of which has not yet been seen in the industry. This set of in-depth, practical workshops focuses on the Kali operating system itself, demonstrating some of its advanced features and use-cases by its developers. As with all “Offensive Security” training, this workshop is intensive, educational, and addictively engaging. If you’ve ever wished for fluent proficiency with Kali Linux, this workshop is for you.

Read More
Kali Linux LUKS Encrypted USB Persistence

Kali Encrypted USB Persistence

A couple of days ago, we added an awesome new feature to Kali allowing users to set up a Live Kali USB with encrypted persistence. What this means is that you can now set up a bootable Kali USB drive allowing you to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, allowing you to securely save your changes on the USB drive between reboots. If you add our LUKS nuke feature into this mix together with a 32GB USB 3.0 thumb drive, you’ve got yourself a fast, versatile and secure “Penetration Testing Travel Kit”.

Read More
Kali Linux Recipes

Kali Linux Recipes

A couple of days ago, we received an e-mail from a university professor asking for advice regarding Linux distributions to be used in his security 101 classes. In its default configuration, Kali Linux wasn’t a 100% match for his needs, which were quite specific:

Read More
Kali Linux Trademarks

Kali Linux Trademarks

It’s been a year since we’ve released Kali Linux, and we’re happy to see it succeed. Kali has surpassed BackTrack Linux in many ways and the community is responding accordingly. Between the improved development cycle, more attentive support, and larger community, Kali Linux has reached new heights of popularity. This popularity however, does not come without its own issues. One of the big problems we’ve been facing in the past year is rampant violations of our Kali Linux Trademarks.

Read More
Kali Linux Custom Raspberry Pi ® Script

Generating Kali Raspberry Pi Images

Kali Linux Raspberry Pi Image Updated!” That was supposed to be the “tweet” we would release, telling everyone our new Kali Linux Raspberry Pi image was supposedly better than our old one. We often update our followers with news like this on twitter, and this tweet would be no different. However, this time, we thought it would be interesting to tell you about the mechanics of updates like these, and shed some light on how these “news items” come about. This post will also give us the opportunity to describe the process of running our custom Kali Linux ARM build scripts, by way of a story. If you couldn’t care less about this story, and just want the updated image – head straight to our Kali Linux Custom Image page!

Read More
Exploit Database now on Github

Exploit Database Hosted on GitHub

We have recently completed some renovations on the Exploit Database backend systems and moved the EDB exploit repository to Github. This means that it’s now easier than ever to copy, clone or fork the whole repository. The previous SVN CVS has been retired.

Read More
Bug Bounty Insights

Bug Bounty Program Insights

With the nature of our business, we at Offensive Security take our system security very seriously and we appreciate the benefits of having “the crowd” scrutinize our internet presence for bugs. For this reason, we recently started our own Bug Bounty Program, which provides incentives for researchers to inform us of possible vulnerabilities in our sites in exchange for cash rewards.

Read More
Penetration Testing With Kali

Penetration Testing with Kali Linux – Online Course Update

Over a year ago, when we first sat down and began on what would become Kali Linux, we realized that with all the major changes, we would also need to update our flagship course, Penetration Testing with BackTrack (PWB), to be inline with Kali Linux. With the release of Kali, we ensured that we mentioned the impact this would have on PWB and that an update to the course was in the works.

Read More
NDPROXY local SYSTEM exploit CVE-2013-5065

NDPROXY Local SYSTEM exploit CVE-2013-5065

In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.

Read More
BlackHat Seattle, Pentesting with Kali Linux!

Penetration Testing with Kali Linux at Black Hat Seattle Dec 9th-12th

We are proud to announce that we will be teaching Penetration Testing with Kali Linux at Black Hat’s December event in Seattle Washington. This will be the second time we will be teaching this class live.

Read More
Offensive Security Penetration Test Report 2013

Penetration Test Report 2013

We are proud to release a new, updated, sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients. It incorporates changes we have made over the last two years based on customer feedback, as well as reflecting many of the types of attacks we have found to be effective in multiple customer environments.

Read More