Offensive Security Online Training & Pentesting Blog - Part 4

Yahoo XSS 0-Day

Yahoo DOM XSS 0day – Not fixed yet!

January 8, 2013Offensive Security

After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo’s fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account. The victim has to be lured to click a link which contains malicious XSS code for the attack to succeed. This can demonstrated by the video we have created just this morning (Jan 8th, 2013) after Shahin kindly shared proof of concept code with us.

Fun with AIX Shellcode and Metasploit

Fun with AIX Shellcode and Metasploit

November 20, 2012Exploit Development

In one of our recent pentests, we discovered an 0day for a custom C application server running on the AIX Operating System. After debugging the crash, we discovered that the bug could lead to remote code execution and since we don’t deal very often with AIX exploitation, we decided to write an exploit for it. The first steps were accomplished pretty quickly and we successfully diverted the execution flow by jumping to a controlled buffer. At this point, we thought we could easily generate some shellcode from MSF and enjoy our remote shell.

CA ARCserve – CVE-2012-2971

CA ARCserve – CVE-2012-2971

October 30, 2012Exploit Development, Offensive Security

On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most “good” enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.

Advanced Windows Exploitation - Vienna, Austria

AWE is Going to Vienna, Austria

October 24, 2012Offensive Security

Join us for a mind-blowing experience in a city known for its dynamic history and contemporary design, Vienna, Austria. For the first time in Europe we are holding our most intense live training course, Advanced Windows Exploitation (AWE). Be prepared to be challenged beyond your limits!

Onity Door Unlocker Round Two

Onity Door Unlocker, Round Two.

October 23, 2012Offensive Security

On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the James bond type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker. Pro Tip: Connecting a 9v battery with the wrong polarity to an Arduino Mini Pro will make pretty sparks.

Stand-Alone EM4x RFID Harvester

Stand-Alone EM4x RFID Harvester

September 27, 2012Offensive Security

Continuing off from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst “rubbing elbows” with company personnel. The proxmark3 seemed liked an overkill and not particularly fast at reading em4x tags so we figured we’d try hooking up our RoboticsConnection RFID reader to a Teensy and see if we could make them play nicely together.

Cloning RFID Tags with Proxmark 3

Cloning RFID Tags with Proxmark 3

September 24, 2012Offensive Security

Our Proxmark 3 (and antennae) finally arrived, and we thought we’d take it for a spin. It’s a great little device for physical pentests, allowing us to capture, replay and clone certain RFID tags. We started off by reading the contents of the Proxmark wiki, to understand (more or less) what we are up against. This proved to be a vitally important step, and we are thankful we had the insight to RTFM a tad bit before.

Advanced Teensy Penetration Testing Payloads

Advanced Teensy Penetration Testing Payloads

September 14, 2012Offensive Security

In one of our recent engagements, we had the opportunity to test the physical security of an organization. This assessment presented an excellent scenario for a USB HID attack, where an attacker would stealthily sneak into a server room, and connect a malicious USB device to a server with logged on console, thus compromising it. From here, the “Peensy” (Penetration Testing Teensy?) was born.

Offsec BlackHat / Defcon Scavenger Hunt

Offsec BlackHat / Defcon Scavenger Hunt

July 24, 2012Offensive Security

Are you in Vegas for BlackHat and Defcon ? Are you desperately looking for Offensive Security schwag ? We are giving out Metasploit books, BackTrack Challenge coins and large sized BackTrack Decals in this years BlackHat and Defcon conferences. So, what exactly does one need to do to get these…

Metasploit 4 on iPhone 4S & iPad 2

Metasploit 4 on iPhone 4S & iPad 2

May 31, 2012Offensive Security

With the recent Absinthe Jailbreak which opens up firmware 5.1.1 to Cydia, we once again tried to get Metasploit running on these iBabies. After a bit of fiddling around with various ruby package versions, its seems like the following combination works well with the latest version of Metasploit 4.4.0-dev (as…

FreePBX Exploit Phone Home

FreePBX Exploit Phone Home

March 23, 2012Exploit Development, Offensive Security

During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post in full disclosure by Martin Tschirsich, about a Remote Code Execution vulnerability in FreePBX. This vulnerability sounded intriguing, and as usual, required verification in the EDB. At first glance, the vulnerability didn’t…

word-header-v2.3

Sample Penetration Test Report

March 1, 2012Offensive Security

There are two different ways of doing things in this InfoSec world we are in. We can chase the money, or we can focus on doing what we feel is right. Then do that with passion. At Offensive Security, it has always been about doing things with passion. Try harder...

Live Training in St. Kitts and Nevis

Live Training in St. Kitts and Nevis

January 25, 2012Offensive Security

Our recent Penetration Testing with BackTrack Live Training in St. Kitts was a great success. This was the first time that we have done the class in the Caribbean, and we were really curious to see how it would go - as there is no denying there are some obstacles...

Modern Warfare Students vs Trainers 0x2

Modern Warfare Students vs Trainers 0x2

January 18, 2012Offensive Security

Our first modern warfare tournament against our students was… humbling. Don’t get me wrong, we had our victories, but all in all we left the grounds wounded and limping. Between getting blown up by RPGs, massacred by drones or carpet bombed by B52’s we didn’t have it easy. Unfortunately, this was all documented and very soon, the screenshots and youtube videos arrived. The ones voted the best, somehow involved me getting blown up, as you can see below.

Live Training in St. Kitts and Nevis

Re-Discover Your Inner Pirate

January 18, 2012Offensive Security

Johnny here, again…I’m excited to announce that Muts and I will be co-presenting the second Pentesting With Backtrack course in December 3-7, 2012 in St. Kitts! I’m excited on a couple different levels. First, I’m excited to get back to St. Kitts. Maybe it’s the inner pirate calling me back to the Caribbean, or maybe it’s just that the place is so exotic and beautiful. I enjoyed the breathtaking views with white beaches, mountains and electric blue water so much that on some days I wonder why I haven’t just packed up and moved there.

Load More

Jump Start your InfoSec Career Today!

PWK For those who need to acquaint themselves with the world of offensive information security.

CTP In-depth examination of the vectors used by today’s attackers to breach infrastructure security.

AWE Offensive Security’s most demanding and challenging Windows exploitation course.

AWAE Take a deep dive deep into the realm of advanced web application penetration testing.

Wi-Fu Learn to conduct effective attacks against wireless networks of varying configurations.

Archives