Kali Linux on a Galaxy Note 10.1

Kali Linux on a Galaxy Note 10.1

Kali Linux
Here at Offsec, we love playing with hardware. Be it something like the Onity Hotel Door Unlocker, a Teensy USB HID attack payload, or RFID hacks - if it's shiny, we like it. While we were in the last stages of developing Kali Linux, we made the effort to to…
Read More
Kali Linux a new dawn has come...

Kali Linux Has Been Released!

Kali Linux
Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We've taken all of this knowledge and experience and implemented it in our "next generation" penetration testing distribution.
Read More
AWE Vienna Course: Advanced Windows Exploitation

Advanced Windows Exploitation Vienna

Offensive Security
The Advanced Windows Exploitation (AWE) class in Vienna is coming up quick! This will be our first time teaching the class outside of the US and is the only public planned AWE this year outside of BlackHat Vegas. We have secured a beautiful facility on the 24th floor of the…
Read More
BackTrack Reborn - Kali Linux

BackTrack Reborn – Kali Linux

Offensive Security
It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented…
Read More
Yahoo XSS 0-Day

Yahoo DOM XSS 0day – Not fixed yet!

Offensive Security
After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo's fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by…
Read More
Fun with AIX Shellcode and Metasploit

Fun with AIX Shellcode and Metasploit

Exploit Development
In one of our recent pentests, we discovered an 0day for a custom C application server running on the AIX Operating System. After debugging the crash, we discovered that the bug could lead to remote code execution and since we don't deal very often with AIX exploitation, we decided to…
Read More
CA ARCserve – CVE-2012-2971

CA ARCserve – CVE-2012-2971

Exploit Development, Offensive Security
On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most "good" enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.
Read More
Advanced Windows Exploitation - Vienna, Austria

AWE is Going to Vienna, Austria

Offensive Security
Join us for a mind-blowing experience in a city known for its dynamic history and contemporary design, Vienna, Austria. For the first time in Europe we are holding our most intense live training course, Advanced Windows Exploitation (AWE). Be prepared to be challenged beyond your limits!
Read More
Onity Door Unlocker Round Two

Onity Door Unlocker, Round Two.

Offensive Security
On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the James bond type setup we saw on the Spiderlabs blog post, we thought we'de try to build a small, simple and "TSA friendly" version of the Onity key unlocker. Pro…
Read More
Stand-Alone EM4x RFID Harvester

Stand-Alone EM4x RFID Harvester

Offensive Security
Continuing off from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst "rubbing elbows" with company personnel. The proxmark3 seemed liked an overkill and not particularly fast at reading em4x…
Read More
Cloning RFID Tags with Proxmark 3

Cloning RFID Tags with Proxmark 3

Offensive Security
Our Proxmark 3 (and antennae) finally arrived, and we thought we’d take it for a spin. It’s a great little device for physical pentests, allowing us to capture, replay and clone certain RFID tags. We started off by reading the contents of the Proxmark wiki, to understand (more or less)…
Read More
Advanced Teensy Penetration Testing Payloads

Advanced Teensy Penetration Testing Payloads

Offensive Security
In one of our recent engagements, we had the opportunity to test the physical security of an organization. This assessment presented an excellent scenario for a USB HID attack, where an attacker would stealthily sneak into a server room, and connect a malicious USB device to a server with logged…
Read More
Offsec BlackHat / Defcon Scavenger Hunt

Offsec BlackHat / Defcon Scavenger Hunt

Offensive Security
Are you in Vegas for BlackHat and Defcon ? Are you desperately looking for Offensive Security schwag ? We are giving out Metasploit books, BackTrack Challenge coins and large sized BackTrack Decals in this years BlackHat and Defcon conferences. So, what exactly does one need to do to get these…
Read More
Metasploit 4 on iPhone 4S & iPad 2

Metasploit 4 on iPhone 4S & iPad 2

Offensive Security
With the recent Absinthe Jailbreak which opens up firmware 5.1.1 to Cydia, we once again tried to get Metasploit running on these iBabies. After a bit of fiddling around with various ruby package versions, its seems like the following combination works well with the latest version of Metasploit 4.4.0-dev (as…
Read More
FreePBX Exploit Phone Home

FreePBX Exploit Phone Home

Exploit Development, Offensive Security
During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post in full disclosure by Martin Tschirsich, about a Remote Code Execution vulnerability in FreePBX. This vulnerability sounded intriguing, and as usual, required verification in the EDB. At first glance, the vulnerability didn’t…
Read More
Menu