Blog
Research & Tutorials
Aug 23, 2021
20 min read
PowerShell Obfuscation
In this article, community moderator Tristram (gh0x0st) shares with us an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.
Research & Tutorials
Learning how to hack has a long feedback loop.
How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.
Aug 11, 2021
3 min read
Research & Tutorials
eXtended Flow Guard Under The Microscope
Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).
May 18, 2021
8 min read
Research & Tutorials
CVE-2021-1815 – macOS local privilege escalation via Preferences
Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.
May 6, 2021
6 min read
Research & Tutorials
Intel CET In Action
In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.
Apr 29, 2021
9 min read
Research & Tutorials
Microsoft Teams for macOS Local Privilege Escalation
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.
Nov 17, 2020
13 min read
Research & Tutorials
How to Build a Cybersecurity Homelab
Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.
Sep 23, 2020
19 min read
Research & Tutorials
AMFI syscall
Csaba Fitzl covers the `dyld` restriction decision process in macOS and a previously undiscussed or undocumented AMFI (AppleMobileFileIntegrity) system call.
Jun 9, 2020
10 min read
Research & Tutorials
macOS Kernel Debugging with SIP
As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different. There are many great
May 12, 2020
9 min read
Research & Tutorials
Analyzing a Creative Attack Chain Used to Compromise a Web Application
In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).
Sep 3, 2019
5 min read
Research & Tutorials
Yahoo DOM XSS 0day – Not fixed yet!
After discussing the recent Yahoo DOM XSS 0day with Shahin from Abysssec.com, it was discovered that Yahoo’s fix set in place on 6:20 PM EST, Jan 7th, 2013 is not effective as one would hope.
Jan 8, 2013
2 min read
Research & Tutorials
Onity Door Unlocker, Round Two.
On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the “James Bond” type setup we saw on the Spiderlabs blog post, we thought we’de try to build a small, simple and “TSA friendly” version of the Onity key unlocker.
Oct 23, 2012
2 min read
Research & Tutorials
Stand-Alone EM4x RFID Harvester
Continuing off from our last RFID Cloning with Proxmark3 post, we wanted to build a small, portable, stand-alone EM4x RFID tag stealer. We needed an easy way of storing multiple tag IDs whilst “rubbing elbows” with company personnel. The proxmark3 seemed liked an overkill and not particularly fast at reading em4x tags so we figured we’d try hooking up our RoboticsConnection RFID reader to a Teensy and see if we could make them play nicely together.
Sep 27, 2012
2 min read