Category Archive for "Offensive Security"

MW3 Staff vs Students 0x1

Want a chance to get even? For years we have been running classes that take great joy in torturing our students. We ask a lot of you, and the classes and certifications prove it. However, there is no way around it: sometimes we can drive you nuts. Here’s your chance to get even, MW3-style.

PWB in the Caribbean, Part 5

In this final post of our PWB in the Caribbean series, Johnny picks up from where he left off in Part 4, reflecting on his experiences during the week and the impact it has had on him personally. Without further delay, we’ll let Johnny wrap up the series.

PWB in the Caribbean, Part 4

When we last left off in Part 3 of our series of posts on Johnny’s experience at our recent PWB in the Caribbean course, he was experiencing the highs and lows of exploit development, emerging triumphantly in the end. Part 4 picks up where we left off last time so we’ll let Johnny take it from here.

PWB in the Caribbean, Part 1

Quite often, people wonder what it’s like to experience an Offensive Security live training course. At our most recent live Pentesting with BackTrack course in St. Kitts, we had Johnny Long of Hackers for Charity in attendance, and he was good enough to keep a journal of his experiences during the course.

Offensive Security Wireless Attacks Updated

At long last, our highly rated Wireless Attacks Course (Wi-Fu) has been updated to version 3! This is a major revision of the course with a complete restructure and redesign of the course content with a far broader range of attack techniques.

The Schmooze Strikes Back

The Social Engineering Defcon 19 CTF. For the last 2 years now, Social-Engineer.Org’s mission has been to raise awareness for social engineering. Security technology has not been able to stop the advances of attackers leveraging social engineering techniques in order to gain unauthorized access to global organizations and Fortune 500…

Live Training Spring 2011

In our spring tradition of live training we are happy to announce our official April 2011 Pentesting With BackTrack course in Columbia, MD. As usual we are keeping our classes small so if you are interested sign up as soon as possible before we are full.

DerbyCon Security Conference 2011

We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville, Kentucky. Our goal is to bring back an old-style, community-driven hacker con chock-full of amazing talks, live events and all-around fun. The idea for DerbyCon…

Internet Explorer CSS 0day on Windows 7

A recent video submission by Abysssec demonstrates the Internet Explorer CSS 0day currently rampaging – reliably working on Windows 7 and Vista. The exploit bypasses DEP and ASLR without the use of any 3rd party extensions. There doesn’t seem to be a lot of discussion going around this exploit, however…

The Art of Human Hacking

It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea: to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social engineering education. The CTF that…

Godaddy Workspace XSS – Who’s your Daddy?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to an unsuspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire your session information and log in to the account with no credentials. All Godaddy workspace users, ph33r.

Offsec Exploit Weekend

Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all you hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.

Penetration Testing with BackTrack – Live Training

Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.

Microsoft DLL Hijacking Exploit in Action

The “new” Insecure Library Loading vulnerability (2269637) in action… The Metasploit team has added an exploit module for this vulnerability. Check it out.

Security Awareness Training – A New Era

Each year companies lose millions in security breaches. High quality Information Security Awareness is probably one of the most important remedies for these attacks. For a long time we have held to the thought that the human element is the weakest link in the chain, and the Social Engineering Contest at Defcon 18 really drove the point through.
