Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission came in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to an unsuspecting victim – allowing theft of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire your session information and log in to the account with no credentials. All Godaddy workspace users, ph33r.

Offsec Exploit Weekend

Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all you hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.

Penetration Testing with BackTrack – Live Training

Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.

BlackHat, BackTrack and EDB Updates

The Offsec crew is back from BlackHat and Defcon, alive and well. The PWB and AWE trainings were a blast and the crowd was awesome. The BackTrack R1 BlackHat edition release went well, with over 5500 DVDs distributed. We thank everyone who came to our booth – it was nice to put a face to some of those names…

BackTrack 5 and Exploit-DB Updates

Exciting times here at Offensive Security. Two of our biggest projects are off in new and amazing directions – BackTrack and the Exploit Database. The BackTrack development team is now officially funded by Offensive Security, bringing a new era of a high quality penetration testing distribution. In addition, the EDB has started a new R&D initiative which will result in some interesting blog posts.

How Strong Is Your Schmooze ?

Are you looking for a real Social Engineering CTF challenge? Join Social-Engineer.Org and Offensive Security in the Official Social Engineering CTF hosted at Defcon 18.

How to choose your Information Security Training

In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information Security Training arena, where standards and qualifications are weakly defined. So how can you make sure you’re getting your money’s worth ?

Welcome to our “10 questions you should be asking your Information Security Training Provider”.

Upcoming Courses and Security Training

BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.

PWB V.3.0 Available March 21st, 2010

The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course. On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever.

With new modules, more in-depth explanations and a new rich lab environment, this will prove to be a very exciting release. We are opening up early registration for those interested in signing up now.

Offensive Security Exploit Archive

For the past few months, Offensive Security has been working with additional exploit addicts (Rel1k) on maintaining the integrity of the Milw0rm exploit archive. For those who don’t know, Milw0rm has been dormant in the past few weeks, for reasons which remain with str0ke (he is alive, healthy and well btw).

Offensive Security together with Gerix.it will be picking up from where Milw0rm left off, and will be maintaining a new exploit archive collection which will be open to the public.

News and Updates

We’ve got a bunch of exciting news, I’ll try to make this as short and concise as possible.

The guys from the Metasploit project have teamed up with Offensive Security to significantly expand our current Metasploit Unleashed public course. Work is underway!

Apropos MSFU, some statistics – over 3 million page views, 80k unique visitors and 58,000 password bruteforce attempts since the course went up.

BackTrack 4 development is going on strong,

… Read more »
