Stay up-to-date with the latest news and updates by subscribing to our RSS feed!
Try Harder – stay up-to-date with the latest Offensive Security news and Kali updates by subscribing to our RSS feed!
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
Until the release of BackTrack 4 r2, it was possible to get Metasploit working with MYSQL but it was not an altogether seamless experience. Now, however, Metasploit and MYSQL work together “out of the box” so we thought it would be great to highlight the integration. With the Metasploit team moving away from sqlite3, it is vital to be able to make use of a properly threaded database. There have also been quite a number of additional database commands added to Metasploit and documentation tends to be rather sparse online when it comes to the less “glamorous” side of database management.
Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all your hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.
The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 Exploit Development storming session – with some really cool results. In the end, they ended up writing a short assembly sequence to walk through the payload and replace bad characters with original shellcode bytes. Read more – Winamp 5.58 from Dos to Code Execution
It’s not often we wake up and find a massive 0day submitted to the Exploit Database – but today was different. Abysssec security released an Adobe Shockwave player 0day. We verified the exploit as part as our verification process in the Exploit database and made a short movie to demonstrate the the vulnerability.
Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.
Each year companies lose millions in security breaches. High quality Information Security Awareness is probably one of the most important remedies for these attacks. For a long time we have held to the thought that the human element is the weakest link in the chain, and the Social Engineering Contest at Defcon 18 really drove the point through.