Blog
News and updates from OffSec
Oct 17, 2019
My OSCP Guide: A Philosophical Approach
Samuel Whang, a PWK graduate, details his recommendations and a unique philosophical approach for those looking to pursue their OSCP. This article originally appeared on Sep 24, 2019, posted by Samuel Whang. It has been posted with minor edits, with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818
Categories
Web App Security
Understanding the Fundamentals of Securing Web Applications
Web application security can be a rewarding career path. However, the web application security space, and cybersecurity industry as a whole, lives in a constant state of change. An unrelenting curiosity and passion for lifelong learning is mandatory for anyone seeking to specialize in this niche. Here are some fundamentals to help you pursue these skills.
Oct 8, 2019
7 min read
Research & Tutorials
Analyzing a Creative Attack Chain Used to Compromise a Web Application
In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).
Sep 3, 2019
5 min read
Enterprise Security
5 Best Practices for Web Application Security
When it comes to web application security, there are many measures you can implement to reduce the chances of an intruder stealing sensitive data, injecting malware into a webpage, or public defacement. As more and more organizations transition their business operations to web applications, security in the development process can no longer be an afterthought. Whether it’s a code injection, privilege escalation, DDoS attack, or a vulnerable element, bad actors are constantly looking for creative ways to manipulate exploits for personal gain. We’ve rounded up our top five (5) best practices to help you fortify your application security.
Aug 20, 2019
6 min read
Enterprise Security
BlackHat 2019 Recap
BlackHat has always been one of our favorite industry conferences. Although OffSec has been providing educational workshops for years at BlackHat, this was our first year holding an official booth. The booth was a major hit, as we had the opportunity to chat with long-time Offensive Security alumni and also meet some new faces…Did you attend one our BlackHat workshops or stop by the OffSec booth? If so, we’d love to hear about your experience and any feedback you might have — tag us on Twitter @OffSecTraining!
Aug 13, 2019
1 min read
OffSec News
OSCP/OSCE/OSWP Review
It’s no secret that Offensive Security offers some of the best technical training in the information security field. Their brand has become synonymous with penetration testing in the eyes of most tech recruiters on LinkedIn.Some of the most common questions I get on LinkedIn are related to the OSCP/OSCE/OSWP certifications. Some people even go as far as asking for solutions to their exam machines. Sorry, you won’t be finding anything like that here (TRY HARDER). I will however offer an honest review and offer some tips to help you decide if you are ready to take the plunge into any of these 3 awesome courses!This article originally appeared on Jul 20, 2019, posted by Joey Lane and has been republished unedited and in its entirety with permission from the author. Original post: https://blog.own.sh/oscp-osce-oswp-review/
Jul 23, 2019
12 min read
Kali NetHunter
Kali NetHunter App Store – Public Beta
Kali NetHunter has been undergoing a ton of changes as of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), its amazing the extra capabilities that have been introduced.But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!
Jul 16, 2019
3 min read
Enterprise Security
Come see OffSec at BlackHat in Vegas
For those planning on attending Black Hat in Las Vegas on August 3-8, come stop by our booth (#2604) in the Business Hall — which will be available August 7-8. Members from many different teams of OffSec will be there and would love to meet you! Rumors are swirling that we’ll also be handing out special Challenge Coins to visitors that Try Harder… so make sure to stop by.
Jul 11, 2019
2 min read
Exploit Development
AWAE Exam for OSWE Certification now Available with Online Course
In March we released the online version of Advanced Web Attacks and Exploitations (AWAE) to amazing customer response. Thank you to everyone that has taken the course! We really appreciate the kind words and reviews. Today, we are very pleased to announce the availability of the Offensive Security Web Expert (OSWE) certification.
May 13, 2019
3 min read
Exploit Development
Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
by Morten Schenk Windows 10 1809 Kernel ASLR Bypass Evolution When it is well-implemented, Kernel Address Space Layout Randomization (KASLR) makes Windows kernel exploitation extremely difficult by making it impractical to obtain the base address of a kernel driver directly. In an attempt to bypass this, researchers have historically focussed on kernel address leaks to
Mar 19, 2019
10 min read
Exploit Development
AWAE Now Available Anywhere, Anytime
Our Advanced Web Attacks and Exploitation (AWAE) live training course has been one of the fastest-selling classes at various industry events for years. The Black Hat classes perennially sell out in a matter of minutes, and every year we’re snowed under by demand from security professionals wondering when we’ll offer it online. For this reason, today we’re excited to announce AWAE is now available online…
Mar 18, 2019
2 min read
Insights
Cheating Attempts and the OSCP
Last week, an individual started to release solutions to certain challenges in the OSCP certification exam. This led to some discussion on Twitter and made it clear to us that there is a fair amount of misunderstanding about what’s on the exam, how we catch cheaters, how many people attempt to cheat, and what happens when they are discovered. In this post, we would like to shine some light on our certification process.
Jan 31, 2019
1 min read
OffSec News
Offensive Security Appoints Ning Wang as CEO to Lead Organization’s Next Stage of Growth
Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what they were supposed to do. The unfortunate reality is that cyberattacks are now a matter of ‘when’ and not ‘if’ for the average enterprise. Yet the landscape is changing and protecting your environment is actually getting more challenging not less.Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today’s enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.This being the case, I couldn’t be happier to join Offensive Security as the company’s next CEO.
Jan 15, 2019
3 min read
Join the OffSec Community!
Our community members connect, communicate and collaborate on all things cybersecurity.