OffSec Webinar and Events Library
Hear directly from Offensive Security’s experts on the latest course releases, and the infosec topics that interest our community.
Read MoreOffSec 2020 Recap
Take a look back at 2020’s course launches and updates, and learn what to expect in 2021 with this year-end recap from Offensive Security.
Read MoreProving Grounds as a Recruitment Tool
Learn how Packetlabs used Offensive Security’s Proving Grounds solution to identify and hire top penetration testing talent.
Read MoreWhite Box Web Application Pentesting
How can source code review help penetration testers with web application security assessments? Learn the benefits of white box web app penetration testing.
Read MoreThe AWAE/OSWE Journey: A Review
Donavan Cheah gives us some of his thoughts on the subject of penetration testing, and his journey with the AWAE course in particular.
Read MoreStudent Spotlight: Flood Survivor and OSCP Graduate
OffSec student Christopher M Downs takes trying harder to another level: completing (and passing) his OSCP exam in the middle of a New Orleans flood. Read more about Christopher’s inspiring journey.
Read MoreMy OSCP Guide: A Philosophical Approach
Samuel Whang, a PWK graduate, details his recommendations and a unique philosophical approach for those looking to pursue their OSCP.
This article originally appeared on Sep 24, 2019, posted by Samuel Whang. It has been posted with minor edits, with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818
Read MoreKali Linux ISO of Doom
In our last blog post, we provided an example of running an unattended network installation of Kali Linux. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment using OpenVAS and the Metasploit Framework.
Read MoreBackTrack Reborn – Kali Linux
It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all these new goals without a massive restructure, so, we massively restructured and “Kali” was born. We’ve also posted a Kali Linux teaser on the BackTrack Linux site – and that’s all we’ll say for now…
Read MoreAdvanced Teensy Penetration Testing Payloads
In one of our recent engagements, we had the opportunity to test the physical security of an organization. This assessment presented an excellent scenario for a USB HID attack, where an attacker would stealthily sneak into a server room, and connect a malicious USB device to a server with logged on console, thus compromising it. From here, the “Peensy” (Penetration Testing Teensy?) was born.
Read MoreEvocam Remote Buffer Overflow on OSX
This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses, and working on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDBG debugger.
Read MoreBackTrack 4 R1 Dev Public Release
As promised, we are releasing a BackTrack 4 R1 information security and penetration testing development build to the public for hardware testing.
Read MoreBackTrack 4 Release 1 (R1 Dev)
The release of BackTrack 4 unleashed a whirlwind of over 1 million downloads. Information Security specialists and Penetration Testers from all over the world showing their support and love for the product that has become the #1 Penetration Testing Distribution.
Read MoreHow to choose your Information Security Training
In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information Security Training arena, where standards and qualifications are weakly defined. So how can you make sure you’re getting your money’s worth ?
Welcome to our “10 questions you should be asking your Information Security Training Provider“.
Read More