Research & Tutorials | OffSec

Blog

Research & Tutorials

OffSec experts share cutting-edge vulnerability research, tool reviews, tutorials, virtual lab and content walkthroughs.
Research & Tutorials

Feb 23, 2022

Introduction to Game Hacking

Explore our guided introduction to game hacking. Learn how data in memory can be manipulated to achieve results that are outside the normal program design.

Read more
MSXPC-privilege-escalation

Research & Tutorials

Microsoft OneDrive for macOS Local Privilege Escalation

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.

Jan 31, 2022

9 min read
tristram-pythonizing-nmap-featured

Research & Tutorials

Pythonizing Nmap

Tristram (aka gh0x0st) shares with us some tips for using python to automate nmap and other parts of your penetration testing process.

Nov 9, 2021

45 min read
PowerShell Obfuscation

Research & Tutorials

PowerShell Obfuscation

In this article, community moderator Tristram (gh0x0st) shares with us an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.

Aug 23, 2021

20 min read
How we Teach Hacking

Research & Tutorials

Learning how to hack has a long feedback loop.

How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.

Aug 11, 2021

3 min read
Microsoft XFG

Research & Tutorials

eXtended Flow Guard Under The Microscope

Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).

May 18, 2021

8 min read
MACOS LOCAL PRIVILEGE ESCALATION VIA CFPREFSD

Research & Tutorials

CVE-2021-1815 – macOS local privilege escalation via Preferences

Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.

May 6, 2021

6 min read
Intel CET In Action

Research & Tutorials

Intel CET In Action

In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.

Apr 29, 2021

9 min read
MS-teams-privilege-escalation

Research & Tutorials

Microsoft Teams for macOS Local Privilege Escalation

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.

Nov 17, 2020

13 min read
TJNULL’S GUIDE TO BUILDING A HOME LAB

Research & Tutorials

How to Build a Cybersecurity Homelab

Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.

Sep 23, 2020

19 min read
AMFI Syscall

Research & Tutorials

AMFI syscall

Csaba Fitzl covers the `dyld` restriction decision process in macOS and a previously undiscussed or undocumented AMFI (AppleMobileFileIntegrity) system call.

Jun 9, 2020

10 min read
DEBUGGING MACOS KERNEL

Research & Tutorials

macOS Kernel Debugging with SIP

As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different. There are many great

May 12, 2020

9 min read
analyzing-a-creative-attack-chain

Research & Tutorials

Analyzing a Creative Attack Chain Used to Compromise a Web Application

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

Sep 3, 2019

5 min read

Showing 27 - 39 of 47 entries