Research & Tutorials

OffSec experts share cutting-edge vulnerability research, tool reviews, tutorials, virtual lab and content walkthroughs.

May 1, 2025

3 min read

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

Research & Tutorials

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

Research & Tutorials

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flaw that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

Research & Tutorials

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

Research & Tutorials

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

Research & Tutorials

PostgreSQL Exploit

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Mar 12, 2025

4 min read

Research & Tutorials

CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability

Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.

Feb 3, 2025

3 min read

Research & Tutorials

My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)

Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.

Jan 24, 2025

6 min read

Research & Tutorials

A Student Mentor’s TH-200 and OSTH Learning Experience

Explore the TH-200 course & OSTH exam with an OffSec Mentor’s insights on mastering threat hunting skills.

Jan 24, 2025

9 min read

Research & Tutorials

Post-quantum Cryptography in 2024

Explore post-quantum cryptography’s rise in 2024 and how new standards prepare us for future quantum attacks, ensuring secure data.

Aug 22, 2024

9 min read

Research & Tutorials

How to Become a Cybersecurity Engineer

Learn how to become a cybersecurity engineer, including the educational paths to follow, the crucial skills and certifications needed, and more.

Aug 8, 2024

11 min read

Research & Tutorials

RegreSSHion exploit, CVE-2024-6387: A Write-Up

In this blog post, we will be explaining the new RegreSSHion exploit, CVE-2024-6387 and how it works.

Jul 8, 2024

9 min read

Research & Tutorials

AMSI Write Raid Bypass Vulnerability

In this blog post, we’ll introduce a new bypass technique designed to bypass AMSI without the VirtualProtect API and without changing memory protection.

May 3, 2024

14 min read

Showing 14 - 26 of 58 entries
