Posts Tagged "offensive security"

Kali Linux a new dawn has come...

Kali Linux Has Been Released!

Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.

Read More
hsiyf2-offsec

Hacking Challenge #2 – HSIYF for Charity

Offsec has teamed up with the crew at Hackers For Charity and the world’s premier Hacker Con – BlackHat, to provide another amazing cyber hacking challenge.

Read More

Malicious Google Gadgets in Action

Malicious Google WidgetA new report by emgent shows malicious Google Gadgets in action. The vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization. The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponised to great Malicious Google Gadget worms.
When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.

Read More
Upcoming Courses and Security Training

Upcoming Courses and Security Training

BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.

Read More

Penetration Testing With BackTrack v.3.0 Alive!

Penetration Testing with BackTrack v3.0 now available and better than ever!

Read More

QuickZip Stack BOF : A box of chocolates – part 2

Today (as promised in part 1 of the QuickZip Stack BOF exploit write-up), I will explain how to build the exploit for the quickzip vulnerability using a pop pop ret pointer from an OS dll. At the end of part 1, I challenged you, the Offensive Security Blog reader, to…

Read More

PWB v3.0 – Offensive Security Online Training at its Best

Penetration Testing with BackTrack updates

Read More
QuickZip Stack BOF 0day: a box of chocolates

QuickZip Stack BOF 0day: a box of chocolates

A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files.  After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file structure), I found a way…

Read More

PWB V.3.0 Available March 21st, 2010

The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course.  On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever. With new modules, more in depth…

Read More

BT4, Adobe 0days and other updates

We are very close to a final release of BT4. We are working vigorously in these final days… So far its looking AMAZING, and we are loving every little bit of it. For those who missed it, Metasploit got updated with a brand new shiny Adobe 0day.

Read More

Offensive Security Exploit Archive Online

After a short and intense setup, we are ready to present the Offsec Exploit Archive. We’ve recreated the milw0rm database, updated it and are now accepting submissions. The purpose of the site is to provide researchers and security enthusiasts a repository of exploits, and when possible, the relevant affected software….

Read More

Metasploit Unleashed Back Online

Just a quick note  – the Metasploit Unleashed Wiki is back online, patched cleaned and secured. The Offsec Exploit database will be online by the end of the week. Stay tuned!

Read More

Offsec Web Server Hacked

For the past couple of weeks we have been watching escalating DOS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the…

Read More

Offensive Security Exploit Archive

For the past few months, Offensive Security has been working with additional exploit addicts (Rel1k) at maintaining the integrity of the Milw0rm exploit archive. For those who don’t know, Milw0rm has been dormant in the past few weeks, for reasons which remain with str0ke (he is alive, healthy and well…

Read More

Metasploit Rising

The Framework that we all know and love is about to take a massive leap into the future.   The MSF crew as well as the MSF itself has been placed under Rapid 7’s corporate umbrella. The framework will continue to be free, running under the BSD license. We expect…

Read More