A New Partnership

It’s been a busy few months for us here, and for good reason. Today we are proud to announce our new partners at Offensive Security – Spectrum Equity.

Read More

Offensive Security Online Exam Proctoring

When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification model in the field – “Hands-on, practical certification”. Twelve years later, these choices have paid off. The industry as a whole has realized that most of the multiple choice, technical certifications do not necessarily guarantee a candidate’s technical level…and for many in the offensive security field, the OSCP has turned into a golden industry standard. This has been wonderful for certification holders as they find themselves actively recruited by employers due to the fact that they have proven themselves as being able to stand up to the stress of a hard, 24-hour exam – and still deliver a quality report.

Read More

The Synology Improbability

Recently, my manager purchased a Synology NAS device for me to do some backups. Since quite a few people I know use this particular NAS (including myself now), I decided to do a quick audit on it before integrating it into my lab environment. In this blog post, I will cover two different vulnerabilities patched by Synology.

Read More

Auditing the Auditor

Some time ago, we noticed some security researchers looking for critical vulnerabilities affecting “security” based products (such as antivirus) that can have a damaging impact to enterprise and desktop users. Take a stroll through the Google Project Zero bug tracker to see what we mean.

Read More

Fldbg, a Pykd script to debug FlashPlayer

A few months ago, we decided to make a new module for our Advanced Windows Exploitation class. After evaluating a few options we chose to work with an Adobe Flash 1day vulnerability originally discovered by the Google Project Zero team. Since we did not have any previous experience with Flash internals, we expected a pretty steep learning curve.

Read More

A Decade of Exploit Database Data

Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?

Read More

What it means to be an OSCP reloaded

In our recent blog post  “What it means to be an OSCP” we asked OSCPs to share their experience of what it means to have earned this certification and we received many tales of hardship and reward. Mike Benich sent in an entry that we felt very much captured the essence of the Offensive Security mentality; that the path to OSCP is challenging, stressful, and demanding, but the results leave you with much more than technological expertise.

Read More

What it means to be an OSCP

When a student earns an Offensive Security certification such as the OSCP, it is a testament to the personal investment they have made as part of a commitment to excellence. Like getting a degree from a university, no matter what happens in your life from that point forward, the fact is your earned that certification and it is yours to keep. Saying this, there are some hard truths behind the path to OSCP.

Read More

MASSCAN Web Interface

A couple of weeks ago, we had the opportunity to scan and map a large IP address space covering just over 3 million hosts. Our tool of choice for this was the fast and capable masscan, which is packaged in Kali. While masscan has several convenient output formats, such as binary and XML, one feature we were missing was an easy way to search our results. We quickly whipped up a little web interface that would allow us to import and search within a masscan XML output file. This feature proved very useful for us – as once we identified a specific vulnerable pattern on a machine, we could easily cross reference this pattern with over the millions of discovered hosts in our database.

Read More

What’s New with Exploit Database?

New Features in the Exploit Database

Over the past 6 years, we have been maintaining and updating the Exploit Database on a daily basis, which now boasts over 35,000 exploits. While we constantly work on improving our back-end and entry quality. Over the years there haven’t really been any updates to the front-end, which has traditionally stayed ominously dark and foreboding. As you may have already seen this changed about two weeks ago, with the introduction of the new and improved Exploit Database website.

… Read more »

Read More

Offensive Security Say – Try Harder!

Offsec students go through hell. They endure levels of stress and frustration beyond what is considered normal, and we at Offsec appreciate this. So much in fact, that we’ve dedicated the following song to anyone who’s taken an Offsec course, and tried harder!

Read More

Happy Holidays from Offsec

We at Offensive Security would like to thank all of our students, customers, and friends for a wonderful 2014. Its been a busy but productive year, with major upgrades to Kali Linux, the release of Kali NetHunter, the public launch of the hosted virtual labs, the first ever Kali Linux Dojo, upgrades to our student labs, lots of interesting R&D, a bunch of 0-days and a number of other accomplishments. We enjoyed the journey with all of you and here is to a fun and productive 2015! We wanted to thank you with this video we produced for all y’all.

Read More

Professional Penetration Testing Labs

For the past few months, we have been quietly beta testing and perfecting our new Enterprise Penetration Testing Labs, or as we fondly call it, the “Offensive Security Proving Grounds (PG)”. Today, we are proud to unveil our hosted penetration testing labs – a safe virtual network environment designed to be attacked and penetrated as a means of learning and sharpening your penetration testing skills. The new design of the Proving Grounds include multiple interconnected subnets with a wide array of modern operating systems, including Active Directory domains, Citrix systems, corporate Antivirus solutions as well as Intrusion Prevention Systems which attackers must learn to cope with.

Read More

Kali Nexus NetHunter 1.0.2

It’s been a week since our release of the Kali Linux NetHunter, and the feedback is amazing. A NetHunter community has sprung up from nowhere, and the forums and github pages are really active. We’re completely stoked about this community response, and are eager to see it grow. After an intense week of community testing and a slew of bugfixes (including shellshock), we thought it would be a good opportunity to release a NetHunter update. Please welcome NetHunter 1.0.2.

Read More

Disarming EMET v5.0

In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general overview of the EMET 5 technical preview has been recently published here.

Read More