PWB in the Caribbean, Part 3

In Part 2 of our series of posts on the recent PWB in the Caribbean course, Johnny was desperately seeking an exit from the upcoming pain that is exploit development. However, he didn’t come up with an escape plan quickly enough and his tale continues in this latest diary entry.

Read More

Discover your inner Pirate

For the last two years Offensive Security has been taking the live training market by storm with its flagship course, Pentesting with BackTrack. We are very excited to announce that the next PWB live training will be held in an exotic location the Caribbean island of St. Kitts and Nevis.

St. Kitts is a tiny island set in the middle of glass-like beautiful waters, perfect beaches and the pain and suffering that only PWB can bring.

… Read more »

Read More

BackTrack 5 on a Motorola Xoom

In the past few days we have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom. The possibilities look exciting as we are slowly building several experimental arm packages. Our team does not have much experience with the Android OS nor ARM hardware, but so far – so good. We will not promise an ARM release on May 10th, as this new “experiment”

… Read more »

Read More

Metasploit with MySQL in BackTrack 4 r2

Until the release of BackTrack 4 r2, it was possible to get Metasploit working with MYSQL but it was not an altogether seamless experience. Now, however, Metasploit and MYSQL work together “out of the box” so we thought it would be great to highlight the integration. With the Metasploit team moving away from sqlite3, it is vital to be able to make use of a properly threaded database. There have also been quite a number of additional database commands added to Metasploit and documentation tends to be rather sparse online when it comes to the less “glamorous” side of database management.

Read More

BackTrack 4 R1 BlackHat Edition

The time is again upon us for the years biggest security conference event – Black Hat Vegas, USA. The folks at Black Hat have prepared a stellar week of great trainings and cutting edge briefings.

Read More

How to Update to BackTrack 2.6.34

Several people have been asking for instructions on updating hard drive installs of BackTrack – here’s a quick set of commands to upgrade your BackTrack machine – and prepare the kernel sources – for example VMWare tools or VirtualBox tools kernel module compilations.

Read More

BackTrack ISO Kernel 2.6.34 Upgrade

Last night we moved a new kernel package (2.6.34) out of the testing repositories, and into the official ones. This kernel update marks a huge improvement in hardware support and desktop responsiveness. In addition to the kernel, we have added several external wireless drivers – madwifi-ng (ath_pci), broadcom-sta (wl, no injection), r8187 drivers and rt73 k2wrlz drivers.

Read More

How to Hack your Way to BlackHat Vegas

This past weekend Offensive Security ran its second cyber hacking challenge, “How Strong is Your Fu – Hacking for Charity“. We first separated the contestants into groups of 10 and each had 48 hours to hack into our 5 evil machines that were conjured up by the VM gremlins of the Offensive Security Team.

Read More

Penetration Testing Tools

We are coming close to a public release of BackTrack R1 – the world’s leading penetration testing distribution. We wanted to provide an opportunity for our users to make last suggestions for tools which are currently NOT present , but should be included. Please use the following form to submit your suggestions to our development team.

Read More

BackTrack 4 Release 1 (R1 Dev)

The release of BackTrack 4 unleashed a whirlwind of over 1 million downloads. Information Security specialists and Penetration Testers from all over the world showing their support and love for the product that has become the #1 Penetration Testing Distribution.

Read More

Malicious Google Gadgets in Action

Malicious Google WidgetA new report by emgent shows malicious Google Gadgets in action. The vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization. The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponised to great Malicious Google Gadget worms.
When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.

Read More

How Strong is Your Fu?

We are happy to announce our first Public Hacking Tournament, labeled “How strong is Your Fu?“. The Hacking Tournament will last for two days, and may go on longer, depending on how long our machines survive. The reward ? The winner of the tournament will be able to choose ONE of our Online courses, free of charge. This could be either PWB, WiFu or CTP (30 day labs where relevant).
Registration for the contest,

… Read more »

Read More