Blog
News and updates from OffSec

Oct 30, 2012
CA ARCserve – CVE-2012-2971
On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most “good” enterprise applications, ARCserve has processes that are running as SYSTEM, so naturally, we went straight to work looking for vulnerabilities.

Research & Tutorials
Onity Door Unlocker, Round Two.
On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the “James Bond” type setup we saw on the SpiderLabs blog post, we thought we’d try to build a small, simple and “TSA friendly” version of the Onity key unlocker.
Oct 23, 2012
2 min read

Research & Tutorials
Stand-Alone EM4x RFID Harvester
Continuing on from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst “rubbing elbows” with company personnel. The Proxmark3 seemed like overkill and not particularly fast at reading EM4x tags, so we figured we’d try hooking up our RoboticsConnection RFID reader to a Teensy and see if we could make them play nicely together.
Sep 27, 2012
2 min read

Research & Tutorials
RFID Cloning with Proxmark 3
Our Proxmark 3 (and antennae) finally arrived, and we thought we’d take it for a spin. It’s a great little device for physical pentests, allowing us to capture, replay and clone certain RFID tags.
Sep 24, 2012
5 min read

Enterprise Security
Offsec BlackHat / Defcon Scavenger Hunt
Are you in Vegas for BlackHat and Defcon? Are you desperately looking for Offensive Security schwag? We are giving out Metasploit books, BackTrack Challenge coins and large-sized BackTrack Decals at this year’s BlackHat and Defcon conferences. So, what exactly does one need to do to get these wonderful, sought-after gifts? It’s easy:
Jul 24, 2012
2 min read

Research & Tutorials
FreePBX Exploit Phone Home
During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post on Full Disclosure by Martin Tschirsich about a Remote Code Execution vulnerability in FreePBX. This vulnerability sounded intriguing and, as usual, required verification in the EDB. At first glance, the vulnerability didn’t jump out at us, especially as we are not familiar with the inner workings of Asterisk. After a couple of emails back and forth with Martin, the path to code execution became clearer:
Mar 23, 2012
3 min read

OffSec News
Announcing the OSEE Certification
Since the inception of our Advanced Windows Exploitation (AWE) course, our students (who are always searching for more pain) have been asking for an accompanying certification exam. We are very pleased to announce the launch of the Offensive Security Exploit Expert (OSEE) certification.
Jan 16, 2012
2 min read

Enterprise Security
PWB in the Caribbean, Part 3
In Part 2 of our series of posts on the recent PWB in the Caribbean course, Johnny was desperately seeking an exit from the upcoming pain that is exploit development. However, he didn’t come up with an escape plan quickly enough and his tale continues in this latest diary entry.
Dec 28, 2011
5 min read

Enterprise Security
PWB in the Caribbean, Part 2
In our ongoing series covering our most recent live PWB in the Caribbean course, Johnny picks up from Part 1 and provides an inside and personal look at the course as it picks up speed and increases in difficulty.
Dec 21, 2011
4 min read

Penetration Testing
Offensive Security Wireless Attacks Updated
At long last, our highly rated Wireless Attacks Course (Wi-Fu) has been updated to version 3! This is a major revision of the course with a complete restructure and redesign of the course content with a far broader range of attack techniques.
Dec 7, 2011
2 min read

Exploit Development
MS11-080 Exploit – A Voyage into Ring Zero
Every patch Tuesday, we, like many in the security industry, love to analyze the released patches and see if any of them can lead to the development of a working exploit. Recently, the MS11-080 advisory caught our attention as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.
Dec 6, 2011
6 min read

Exploit Development
Advanced Windows Exploitation Updated
Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching with a start date of October 24. Not only is this the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training, and a limited number of seats are still available for this intense course.
Oct 12, 2011
2 min read

Kali Linux
Metasploit: A Penetration Testers Guide
Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.
Jul 12, 2011
2 min read