Offensive Security Vision

How we came to be

Offensive Security Mission Statement

A few years back, a good friend (and Microsoft Networking mentor of mine) came to visit me during a course. We started talking about the (latest at the time) ZOTOB worm (MS05-039) and I asked him if he had seen any instances of it. He answered that he saw an infection in one location, where it was quickly overcome. He then said: “That ZOTOB was annoying though, it kept rebooting the servers until they managed to get rid of it”.

I took my friend aside and proceeded to boot a vulnerable class computer and told him: “Watch this, I’m going to manually replicate the Zotob attack”. I browsed to the milw0rm site, and downloaded the first (at the time) exploit on the list, and saved it to disk. I opened a command prompt, compiled the exploit and ran it. The required command-line to run this exploit was similar to “ms05-039.exe [victim IP]”. I punched in the IP address of the vulnerable computer with one finger, and pressed enter.

I was immediately presented with a command shell belonging to the victim machine. I typed in ipconfig, and then whoami and proceeded to add an administrative user to the victim machine. I gave my friend just enough time to see the output, and then typed exit.

Exiting the shell caused svchost.exe to crash, and a reboot window popped up, just like the ones he saw. I could slowly see the realization seep in. His face lost colour and he slowly sat down on the nearest chair. He looked at me, horrified, somehow managing to gasp “how” and “why” at the same time. He then quickly exited the room and made some urgent phone calls.

MS05-039 Zotob Worm - Offensive Security

 “there is a divinity that shapes our ends, rough-hew them how we may.”

The best defense is a good offense

I realized that this master of Windows Active Directory and Multiple Domain PKI Infrastructure guru did not share the same narrow (in)security knowledge as a 12-year-old junior hacker. He was not aware of the outcomes of such an attack and did not know that the “reboot” syndrome he observed was an “unfortunate” byproduct of unauthorized SYSTEM-level access to the machine.

This made me realize that there is a *huge* gap between the “Defensive” and “Offensive” security fields. A gap so big that a 12-year-old could outsmart a well-seasoned security expert. Hopefully, if this separation between the “Defensive” and “Offensive” fields is clear enough, network administrators and (defensive) security experts will start to realize that they are aware of only one half of the equation and that there’s a completely alien force they need to deal with – and that in order to defend their environment, they need to understand the attacks.


Certified Pentesting Professional

OSCP: course starting at $800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting Expert

OSCE: course starting at $1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting Web Expert

OSWE: course starting at $1400 USD

Take Advanced Web Attacks and Exploitation to dive deep into web apps and earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting Wireless Professional

OSWP: course starting at $450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation Expert

OSEE: course starting at: See Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE