OffSec

OffSec related news articles. The official Offsec blog.

Happy Holidays from Offsec

We at Offensive Security would like to thank all of our students, customers, and friends for a wonderful 2014. It's been a busy but productive year, with major upgrades to Kali Linux, the release of Kali NetHunter, the public launch of the hosted virtual labs,

Kali Nexus NetHunter 1.0.2

It's been a week since our release of the Kali Linux NetHunter, and the feedback is amazing. A NetHunter community has sprung up from nowhere, and the forums and GitHub pages are really active. We're completely stoked about this community response, and are eag

Disarming EMET v5.0

In our previous Disarming Emet 4.x blog post, we demonstrated how to disarm the ROP mitigations introduced in EMET 4.x by abusing a global variable in the .data section located at a static offset. A general overview of the EMET 5 technical preview has been rec

Exploit Database Hosted on GitHub

We have recently completed some renovations on the Exploit Database backend systems and moved the EDB exploit repository to GitHub. This means that it's now easier than ever to copy, clone or fork the whole repository. The previous SVN CVS has been retired.

Bug Bounty Program Insights

With the nature of our business, we at Offensive Security take our system security very seriously and we appreciate the benefits of having "the crowd" scrutinize our internet presence for bugs. For this reason, we recently started our own Bug Bounty Program,

Penetration Test Report 2013

We are proud to release a new, updated, sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients. It incorporates changes we have made over the last two years based on customer feedback, as well as ref

Advanced Windows Exploitation Vienna

The Advanced Windows Exploitation (AWE) class in Vienna is coming up quick! This will be our first time teaching the class outside of the US and is the only public planned AWE this year outside of BlackHat Vegas. We have secured a beautiful facility on the 24

BackTrack Reborn – Kali Linux

It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wan

Yahoo DOM XSS 0day – Not fixed yet!

After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo's fix is not as effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original pro

CA ARCserve – CVE-2012-2971

On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most "good" enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight

AWE is Going to Vienna, Austria

Join us for a mind-blowing experience in a city known for its dynamic history and contemporary design, Vienna, Austria. For the first time in Europe we are holding our most intense live training course, Advanced Windows Exploitation (AWE). Be prepared to be ch

Onity Door Unlocker, Round Two.

On one of our engagements, we figured an Onity Hotel door unlocker would be useful to us. Inspired by the James Bond type setup we saw on the Spiderlabs blog post, we thought we'd try to build a small, simple and "TSA friendly" version of the Onity key unlock