Research & Tutorials
OffSec experts share cutting-edge vulnerability research, tool reviews, tutorials, virtual lab and content walkthroughs.
Jun 30, 2022
9 min read
Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
TJ shows us how adversaries use macro weaponization techniques to abuse hidden functionalities contained in Office document properties.
Research & Tutorials
What is XSS
OffSec’s Jeremy Miller helps cybersecurity professionals explain hacking to laypeople using the Cross-site Scripting (XSS) vulnerability.
Apr 26, 2022
1 min read
Research & Tutorials
IRQLs Close Encounters of the Rootkit Kind
Content developer Matteo Malvica walks us through IRQLs and how hardware interrupts can be abused.
Apr 11, 2022
0
Research & Tutorials
Introduction to Game Hacking
Explore our guided introduction to game hacking. Learn how data in memory can be manipulated to achieve results that are outside the normal program design.
Feb 23, 2022
0
Research & Tutorials
Microsoft OneDrive for macOS Local Privilege Escalation
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.
Jan 31, 2022
5 min read
Research & Tutorials
Pythonizing Nmap
Tristram (aka gh0x0st) shares with us some tips for using python to automate nmap and other parts of your penetration testing process.
Nov 9, 2021
45 min read
Research & Tutorials
PowerShell Obfuscation
In this article, community moderator Tristram (gh0x0st) shares with us an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.
Aug 23, 2021
20 min read
Research & Tutorials
Learning how to hack has a long feedback loop.
How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.
Aug 11, 2021
3 min read
Research & Tutorials
eXtended Flow Guard Under The Microscope
Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).
May 18, 2021
8 min read
Research & Tutorials
CVE-2021-1815 – macOS local privilege escalation via Preferences
Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.
May 6, 2021
6 min read
Research & Tutorials
Intel CET In Action
In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.
Apr 29, 2021
9 min read
Research & Tutorials
Microsoft Teams for macOS Local Privilege Escalation
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.
Nov 17, 2020
13 min read
Research & Tutorials
How to Build a Cybersecurity Homelab
Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.
Sep 23, 2020
19 min read
Join the OffSec Community!
Our community members connect, communicate and collaborate on all things cybersecurity.