Offensive Security Online Training & Pentesting Blog

Bug Bounty Program Insights

December 23, 2013

With the nature of our business, we at Offensive Security take our system security very seriously and we appreciate the benefits of having "the crowd" scrutinize our internet presence for bugs. For this reason, we recently started our own Bug Bounty Program, which provides incentives for researchers to inform us of possible vulnerabilities in our sites in exchange for cash rewards.

Penetration Testing with Kali Linux – Online Course Update

December 19, 2013

Offensive Security

Over a year ago, when we first sat down and began on what would become Kali Linux, we realized that with all the major changes, we would also need to update our flagship course, Penetration Testing with BackTrack (PWB), to be inline with Kali Linux. With the release of Kali, we ensured that we mentioned the impact this would have on PWB and that an update to the course was in the works.

NDPROXY Local SYSTEM exploit CVE-2013-5065

December 4, 2013

Exploit Development

In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.

BlackHat Seattle, Pentesting with Kali Linux!

Penetration Testing with Kali Linux at Black Hat Seattle Dec 9th-12th

September 17, 2013

Offensive Security

We are proud to announce that we will be teaching Penetration Testing with Kali Linux at Black Hat's December event in Seattle Washington. This will be the second time we will be teaching this class live.

Penetration Test Report 2013

September 3, 2013

Offensive Security

We are proud to release a new, updated, sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients. It incorporates changes we have made over the last two years based on customer feedback, as well as reflecting many of the types of attacks we have found to be effective in multiple customer environments.

Kali Linux ISO of Doom

August 27, 2013

Kali Linux

In our last blog post, we provided an example of running an unattended network installation of Kali Linux. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment using OpenVAS and the Metasploit Framework.

Kali Linux Unattended PXE Install

August 12, 2013

Kali Linux

Our last blog post on the Kali Linux site discussed implementing some cool scenarios with Kali Linux, such as remote unattended installations, creating custom Kali Linux ISOS, and getting Kali working on funky ARM hardware. We received several emails from people asking for more information on how to implement these scenarios, so we thought we'd make a few blog posts with more detailed examples.

Kali Linux on a Galaxy Note 10.1

April 2, 2013

Kali Linux

Here at Offsec, we love playing with hardware. Be it something like the Onity Hotel Door Unlocker, a Teensy USB HID attack payload, or RFID hacks - if it's shiny, we like it. While we were in the last stages of developing Kali Linux, we made the effort to to get Kali working on some ARM hardware, such as the Samsung Chromebook, Odroid U2, Raspberry Pi and RK3306 devices such as the SS808, and then contributed these to the community as "Unofficial Trusted Images", together with the Official Kali Linux downloads.

Kali Linux Has Been Released!

March 13, 2013

Kali Linux

Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We've taken all of this knowledge and experience and implemented it in our "next generation" penetration testing distribution.

AWE Vienna Course: Advanced Windows Exploitation

Advanced Windows Exploitation Vienna

February 19, 2013

Offensive Security

The Advanced Windows Exploitation (AWE) class in Vienna is coming up quick! This will be our first time teaching the class outside of the US and is the only public planned AWE this year outside of BlackHat Vegas. We have secured a beautiful facility on the 24th floor of the Millennium Tower on the Vienna waterfront, and still have a couple of seats left open. So if you are interested in coming now is the time to take action!

BackTrack Reborn – Kali Linux

January 22, 2013

Offensive Security

It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all these new goals without a massive restructure, so, we massively restructured and "Kali" was born. We've also posted a Kali Linux teaser on the BackTrack Linux site - and that's all we'll say for now...

Yahoo DOM XSS 0day – Not fixed yet!

January 8, 2013

Offensive Security

After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo's fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim's account. The victim has to be lured to click a link which contains malicious XSS code for the attack to succeed. This can demonstrated by the video we have created just this morning (Jan 8th, 2013) after Shahin kindly shared proof of concept code with us.

Fun with AIX Shellcode and Metasploit

November 20, 2012

Exploit Development

In one of our recent pentests, we discovered an 0day for a custom C application server running on the AIX Operating System. After debugging the crash, we discovered that the bug could lead to remote code execution and since we don't deal very often with AIX exploitation, we decided to write an exploit for it. The first steps were accomplished pretty quickly and we successfully diverted the execution flow by jumping to a controlled buffer. At this point, we thought we could easily generate some shellcode from MSF and enjoy our remote shell.

CA ARCserve – CVE-2012-2971

October 30, 2012

Exploit Development, Offensive Security

On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most "good" enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.

Advanced Windows Exploitation - Vienna, Austria

AWE is Going to Vienna, Austria

October 24, 2012

Offensive Security

Join us for a mind-blowing experience in a city known for its dynamic history and contemporary design, Vienna, Austria. For the first time in Europe we are holding our most intense live training course, Advanced Windows Exploitation (AWE). Be prepared to be challenged beyond your limits!

Bug Bounty Program Insights

Penetration Testing with Kali Linux – Online Course Update

NDPROXY Local SYSTEM exploit CVE-2013-5065

Penetration Testing with Kali Linux at Black Hat Seattle Dec 9th-12th

Penetration Test Report 2013

Kali Linux ISO of Doom

Kali Linux Unattended PXE Install

Kali Linux on a Galaxy Note 10.1

Kali Linux Has Been Released!

Advanced Windows Exploitation Vienna

BackTrack Reborn – Kali Linux

Yahoo DOM XSS 0day – Not fixed yet!

Fun with AIX Shellcode and Metasploit

CA ARCserve – CVE-2012-2971

AWE is Going to Vienna, Austria

Offensive Security Twitter Feed

Offsec Say Try Harder!

Watch our Offsec Jam

Kali Linux Twitter Feed