Offensive Security Online Exam Proctoring

When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification model in the field – “Hands-on, practical certification”. Twelve years later, these choices have paid off. The industry as a whole has realized that most of the multiple choice, technical certifications do not necessarily guarantee a candidate’s technical level…and for many in the offensive security field, the OSCP has turned into a golden industry standard. This has been wonderful for certification holders as they find themselves actively recruited by employers due to the fact that they have proven themselves as being able to stand up to the stress of a hard, 24-hour exam – and still deliver a quality report.

Read More

The Synology Improbability

Recently, my manager purchased a Synology NAS device for me to do some backups. Since quite a few people I know use this particular NAS (including myself now), I decided to do a quick audit on it before integrating it into my lab environment. In this blog post, I will cover two different vulnerabilities patched by Synology.

Read More

Auditing the Auditor

Some time ago, we noticed some security researchers looking for critical vulnerabilities affecting “security” based products (such as antivirus) that can have a damaging impact to enterprise and desktop users. Take a stroll through the Google Project Zero bug tracker to see what we mean.

Read More

Fldbg, a Pykd script to debug FlashPlayer

A few months ago, we decided to make a new module for our Advanced Windows Exploitation class. After evaluating a few options we chose to work with an Adobe Flash 1day vulnerability originally discovered by the Google Project Zero team. Since we did not have any previous experience with Flash internals, we expected a pretty steep learning curve.

Read More

Hacking WPA Enterprise with Kali Linux

Admittedly, somewhat of a click-bait blog post title – but bear with us, it’s for a good reason. Lots of work goes on behind the scenes of Kali Linux, tools get updated every day and interesting new features are added constantly. Most of these tool updates and feature additions go unannounced, and are then discovered by inquisitive users – however this time, we had to make an exception.

Read More

A Decade of Exploit Database Data

Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?

Read More

What it means to be an OSCP reloaded

In our recent blog post  “What it means to be an OSCP” we asked OSCPs to share their experience of what it means to have earned this certification and we received many tales of hardship and reward. Mike Benich sent in an entry that we felt very much captured the essence of the Offensive Security mentality; that the path to OSCP is challenging, stressful, and demanding, but the results leave you with much more than technological expertise.

Read More

Kali Linux 2.1.2 ARM Releases

The time has come for yet another Kali ARM image release with new and updated images. Our collection of supported ARM hardware grows constantly with new images from Raspberry Pi 3, Banana Pi and Odroid-C2, with the latter being our first real arm64 image. We’re really excited about our new arm64 build environment and hope to see more 64bit ARM devices running Kali in the future. Feel free to visit our Kali Linux ARM downloads page to get the latest goodness.

Read More

Kali Rolling ISO of DOOM, Too.

A while back we introduced the idea of Kali Linux Customization by demonstrating the Kali Linux ISO of Doom. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment. The customised Kali ISO would undergo an unattended autoinstall in a remote client site, and automatically connect back to our OpenVPN server over TCP port 443. The OpenVPN connection would then bridge the remote and local networks, allowing us full “layer 3” access to the internal network from our remote location. The resulting custom ISO could then be sent to the client who would just pop it into a virtual machine template, and the whole setup would happen automagically with no intervention – as depicted in the image below.

Read More

Kali NetHunter 3.0 Released

NetHunter has been actively developed for over a year now, and  has undergone nothing short of a complete transformation since its last release. We’ve taken our time with v3.0, and the results are a complete overhaul of the NetHunter Android application, with a more polished interface and a fully functioning feature set.

Through the amazing NetHunter community work led by  binkybear, fattire, and jmingov, we can now proudly look at NetHunter and confidently consider it to be a stable, commercial grade  mobile penetration testing platform. And so, we are really excited with todays release of NetHunter 3.0 – let the games begin!

Read More

What it means to be an OSCP

When a student earns an Offensive Security certification such as the OSCP, it is a testament to the personal investment they have made as part of a commitment to excellence. Like getting a degree from a university, no matter what happens in your life from that point forward, the fact is your earned that certification and it is yours to keep. Saying this, there are some hard truths behind the path to OSCP.

Read More

MASSCAN Web Interface

A couple of weeks ago, we had the opportunity to scan and map a large IP address space covering just over 3 million hosts. Our tool of choice for this was the fast and capable masscan, which is packaged in Kali. While masscan has several convenient output formats, such as binary and XML, one feature we were missing was an easy way to search our results. We quickly whipped up a little web interface that would allow us to import and search within a masscan XML output file. This feature proved very useful for us – as once we identified a specific vulnerable pattern on a machine, we could easily cross reference this pattern with over the millions of discovered hosts in our database.

Read More

Kali Linux 2.0 Top 10 Post Install Tips

With Kali 2.0 now released, we wanted to share a few post install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting. Here is our top 10 list:

Read More

Kali 2.0 Dojo Black Hat / DEF CON USA 2015

Last years event was a rousing success, with many attendees staying all day long and working through the multiple exercises. We had such a great time, we wanted to do it again. This is a great chance to get hands on with Kali 2.0, learning the cutting edge features and how to best put them to use. In this two session workshop series, we will be covering how to create your own custom Kali ISO that is tweaked and modified to exactly fit your needs. This will be followed up in the second session with a hands-on exercise of deploying Kali on USB sticks so that it contains several persistent storage profiles, both regular and encrypted – including the LUKS nuke feature.

Read More

What’s New with Exploit Database?

New Features in the Exploit Database

Over the past 6 years, we have been maintaining and updating the Exploit Database on a daily basis, which now boasts over 35,000 exploits. While we constantly work on improving our back-end and entry quality. Over the years there haven’t really been any updates to the front-end, which has traditionally stayed ominously dark and foreboding. As you may have already seen this changed about two weeks ago, with the introduction of the new and improved Exploit Database website.

… Read more »

Read More