Legal

Offensive Security offers cybersecurity training and certification products and associated services. These products include pdf books, videos, and hands-on labs. These products and related materials may be downloaded, accessed online, or delivered in the form of live training.

 

Certain of our products are available on a subscription basis and require login credentials to access. Subscriptions are purchased on a per individual user basis. Login credentials may not be shared among individuals, groups, or teams or with third parties. A breach of the foregoing is a material breach of the Terms.

Product users may have access to an online account management page to manage their relationship with us depending on the product that they use.

Certification is granted if the standards required to pass an exam offered by Offensive Security are met. Exams may be proctored via webcam and screen capture. All product users and customers must comply with the Terms. All those who take our exams must comply with the Terms, our Academic Policy, Exam Guides, and Proctoring Guidelines.

The following capitalized terms are used in the Terms and have the meanings defined below.

Affiliate means a legal entity that directly or indirectly (a) controls (b) is controlled by or (c) is under common control of another legal entity.

Confidential Information means (a) our know-how (b) the content or configuration of Products, Materials, and exams (c) any other information that may help a person pass one of our exams (d) the terms of your Order (e) any other business, financial or technical information in any form which the Recipient should reasonably know is confidential.

Customer means a person or entity buying Product.

Customer User means a person using Product under a Customer’s account (a) as Customer’s employee (b) as Customer’s contractor (c) in another capacity identified in Customer’s Order.

Discloser means the party disclosing Confidential Information.

Damage(s) means loss(es), damage(s), or cost(s) arising in any way.

Data Privacy Laws means all data protection legislation in force from time to time applicable to the processing of Product User Personal Data including the General Data Protection Regulation ((EU) 2016/679) (GDPR).

Exam Guides means Offensive Security’s requirements and instructions for each of our exams found at https://support.offensive-security.com.

Exam Related Materials means (a) exam reports (b) lab reports (c) walkthroughs for any of our course or exam labs (d) video recordings of our labs, (e) other materials created by a Product user as a result of access to our Products, Materials, or exams that may help a person pass one of our exams.

FAQs means frequently asked questions found at FAQs.

Increase Notice means a notice we give you regarding any increase in the Price you pay will if you buy Products on a subscription basis.

Intellectual Property Rights means database rights, design rights, moral rights, patents, trademarks, service marks, trade and service names, copyrights, know-how, trade secrets, and similar rights existing anywhere in the world at any time.

Materials means video recordings, lab contents, pdf books, data, documents, graphics, tools, dashboards, software, code, scripts, other materials, and associated media provided by us with Product.

Order means our online or other registration or order form that describes the Products we provide you.

Payment Method means a valid credit or debit card(s) or other means of payment we accept.

Personal Data means the same as it does in GDPR.

Price means the amount payable for Products set out in your Order, and as adjusted by any Increase Notice.

Processing means the same as it does in GDPR.

Product(s) means our free or paid services, products, or features (a) as described in your Order or (b) which we otherwise authorize you to use.

Product User Personal Data means Personal Data provided to us by or about a Product user.

Recipient means the party receiving Confidential Information.

Site means www.offensive-security.com, other websites and community sites owned by us on which these terms and conditions appear, and subdomains of those sites and content provided through them.

Student means an individual registered with us to use a paid Product.

Terms means these terms and conditions and any further terms set out in your Order as applicable to you. If there is a conflict between your Order and these terms and conditions, your Order will take precedence.

We/our/us means OffSec Services Limited or one of its Affiliates.

You/your means Customer, Product user, and/or Site visitor depending on the context.

If we use the word “including” or similar words before describing any items, such items are examples only and should not be regarded as an exhaustive list.

The Terms create a legally binding agreement between you and us and apply every time you buy or use Products, Materials or Site. If you click online to indicate your acceptance of the Terms, make payment based on an Order that references the Terms, or continue to use Products or Site, you have agreed to the Terms.

We do not accept any other terms or conditions that you attempt to impose on us including those associated with any purchase order you issue. Such other terms and conditions will not apply to your Order.

You must ensure that any of your Affiliates or Customers Users that access Products you have bought from us comply with the Terms.

When you register with us to use Products you:

• Must be 18 years old or over
• Are subject to our standard Product user registration requirements
• May not be accepted as a Product user in our sole discretion
• Must provide accurate and complete information and then keep it up to date.

Our exams may be remotely proctored to ensure their integrity. Students must comply with our Academic Policy, Proctoring Guidelines, and applicable Exam Guide when taking our exams. If you breach our Academic Policy we may, in our sole discretion:

• Revoke all existing certification(s) you have obtained from us
• Disqualify you for life from all of our courses and exam(s)
• Disqualify you for life from buying our Products

You must pay the Price on the billing date and at the billing frequency mentioned in your Order.

We will charge you the Price on (a) each renewal of your subscription period or (b) at the billing frequency stated in your Order (if different) when you buy Products on a subscription basis.

You must tell us of any dispute over the Price within 15 days of the date of our invoice or your last billing date. Overdue amounts will incur interest at a rate of 1.5% per month or the maximum rate permitted by law (whichever is less) except for amounts disputed in good faith.

The Price excludes applicable taxes. If you must deduct withholding tax from the Price, you must pay us an amount that ensures our net receipt is the same as it would have been were the payment not subject to such withholding.

You must provide us with a Payment Method if you buy Products on a subscription basis unless we state otherwise in your Order. We can charge the Price to any Payment Method associated with your account.

We may suspend your access to Product until we have been able to charge your Payment Method for all amounts due. You are responsible for any (a) uncollected amounts (b) all fees or charges made by the Payment Method issuer.

You can update your Payment Method by going to your online account management page. We may also update your Payment Method using information provided by your payment service providers. We can continue to charge the applicable Payment Method(s) following any such update.

We use third parties to process payments. Your payment information, Payment Method, and other Personal Data will be passed to such third parties.

We may increase the Price by providing you with an Increase Notice at any time if you buy Products on a subscription basis. Any increase will apply from the next renewal of your subscription period occurring 30 days or more after the date of the Increase Notice.

We authorize you to use Site, Products, and Materials for your own personal use in accordance with the Terms.

You must make sure (a) you have the knowledge, expertise, equipment, and facilities needed to use Products (as posted on Site from time to time) (b) Products are suitable for your purpose.

You must start using a Product within any specific time period we specify and we are under no obligation to extend that period.

In relation to Products, Materials, and Site, you must not (a) remove or hide proprietary notices (b) remove or hide Personal Data we use to identify you as Product user including watermarks on the pdf books and videos you download (c) perform any attack, scan, test, probe, or penetration other than as specifically permitted by us in our course or exam materials (e) perform other actions that may cause damage (f) use data mining, robots, or similar data gathering methods (g) harm or interfere with other Product users.

To ensure you comply with the Terms, we will routinely monitor your activity while you are using our Products or taking an exam.

Some Products may allow interactivity among Product users including instant messaging, chatrooms, blogs, forums, polls, or bulletin boards. We do not routinely check interactions among Product users and accept no liability for material posted via these interactive features. We have no obligation to remove these materials but we may do so at our sole discretion.

You must not (a) use abusive, defamatory, illegal, or objectionable language (b) send advertising or marketing material (c) infringe others’ privacy, confidentiality, or intellectual property rights when using interactive Product features.

If you are a Customer purchasing Products for your Customer Users:

• As Customer, you are permitted to use Products and associated Materials for your own internal business purposes in accordance with the Terms
• As Customer, you may only allow your Customer Users to use Products and Materials
• As Customer, you must ensure Products and Materials are not shared between your Customer Users
• We can communicate directly with your Customer Users in relation to our products and services.

All Intellectual Property Rights in Site, Products, and Materials are owned by us. You have no rights in Site, Products, or Materials except as stated in the Terms. We own and will continue to own the media by which Products and Materials are provided to you. You cannot use our name, logos, trademarks, or any derivatives. You must not copy, share, sublicense, change, create derivative works from, or in any other way misuse any part of Site, Products, or Materials.

This includes not (a) sharing all or part of our course materials with any third party including by posting on any platform, repository, or on social media (b) video recording your screen while it interacts with any of our labs (c) using our course materials to assist any person to pass one of our exams including sharing lab walk-throughs, exam walk-throughs (d) accessing Site, Products, or Materials for competitive purposes.

If you share or publish Exam Related Materials in breach of the Terms, on the date of such breach, you automatically assign to us all Intellectual Property Rights in such Exam Related Materials together with all rights in respect of any infringement.

We collect and use (a) information related to your use of Products (b) your feedback on Products. We may use that feedback freely and without compensation to you and we will own all Intellectual Property Rights in derivative works we create based on that feedback.

Access to Products and Materials is subject to password and other security credentials we provide. We can change such passwords and other security credentials on notice. They must not be shared. You must:

(a) Put in place appropriate security measures to prevent unauthorized access to or disclosure of Products or Materials. Those measures must be consistent with standards reasonably expected of an information security professional.

(b) Promptly cure and inform us about any unauthorized access or disclosure of Products or Materials when you become aware.

We constantly improve our Products to deliver a better experience or better value to our Customers. We reserve the right to change a Product at any time (including changing specifications, delivery media, or platform or removing third-party owned content). We will not change a Product’s fundamental nature without letting you know.

We may provide self-help via various tools and will provide email and/or online access to our support team to help resolve Customer technical and other issues. The FAQs provide more information on the support we provide.

Recipient and its Affiliates must (a) hold Discloser’s Confidential Information in confidence and disclose it to no third party (b) use that Confidential Information solely for Recipient’s provision or use of Products. Recipient must ensure its Affiliates comply with the Terms relating to Confidential Information.

If you are Recipient, you will be in breach of your duties of confidentiality if you disclose:

• Information in your exam report
• Information in your lab report
• Any walk through for any of our course or exam labs
• Vulnerabilities and exploits in the context of any of our course or exam labs
• Any other information that may help a student pass our exams

Sharing or publishing such Exam Related Materials is also a breach of our Academic Policy.

Confidential Information will not include information which (a) is or becomes generally available to the public through no act or omission of Recipient or its Affiliates (b) becomes known to Recipient or its Affiliates through a third party (c) was lawfully in the possession of Recipient or its Affiliates before disclosure by the Discloser (d) is limited to the name and logo of Customer disclosed on Site or in our other promotional material.

If the law compels Recipient to disclose Discloser’s Confidential Information, Recipient must (a) provide prompt notice to Discloser (if legally permissible) (b) limit that disclosure to the extent of the legal requirement. Any disclosed information will remain Confidential Information despite that disclosure.

You and your Affiliates must promptly return, delete or destroy (at our discretion) our Confidential Information if your right to use Product terminates or when asked by us at any time. You can keep copies to the extent required by law and those copies will remain our Confidential Information.

Our Confidential Information is made up of trade secrets that (a) we own (b) are secret (c) have commercial value because they are secret (d) we have taken steps to keep secret.

We are the Data Controller (as defined in GDPR) of Product User Personal Data. We will process Product User Personal Data in accordance with the duties imposed on us under the Data Privacy Laws and our Privacy Notice from time to time.

In order for us to keep a public register of the status of our certificate holders, we reserve the right to publish Student information. This information includes (a) Student name (b) Student Offensive Security Identification Number (OSID) (c) course taken by Student (d) exam passed by Student (e) certificate issuance and cancellation status and information. We can also provide such information to any third party who has paid for you to access Products.

If you are a Customer User using Products via a Customer’s account:(a) Any account you create will be subject to control by Customer and Customer’s admins(b) Your account information and other Personal Data will be shared with Customer and Customer’s admins(c) Your Personal Data may also be visible to other Product users in Customer’s account

If the domain of the email address associated with your account is owned by a Customer and Customer wishes to add that email address to its account, the Personal Data concerning your existing account may become accessible to that Customer.

You must indemnify us against any Damages we suffer or incur if you breach any of the Terms. We may also, in our sole discretion:

• Revoke all existing certification(s) you have obtained from us
• Disqualify you for life from all of our courses and exam(s)
• Disqualify you for life from buying our Products

Our total liability to each other for Damages in connection with the Terms, Products or Materials will not exceed the amount paid by you for the Product giving rise to the claim during the 12 months immediately preceding the date the claim arose.

We have no liability to you if you are a Site visitor or user of our free Products only.

Neither of us will be liable for (a) indirect, incidental, punitive, special or consequential Damages (b) loss of profits (except regarding non payment of the Price) even if that Damage or loss could have been foreseen or prevented.

The limits on liability in the Terms do not apply to (a) fraud, fraudulent misrepresentation, gross negligence or willful misconduct (b) negligence causing death or personal injury (c) your indemnification obligations (d) a party’s infringement of the other’s Intellectual Property Rights (e) breaches relating to Confidential Information (f) your liability to pay the Price. Nothing in the Terms limits liability that cannot be limited by law.

Exercises contained in our labs should only be attempted inside our hosted lab environment which is segregated from the internet. Attempting these exercises in a live environment would be illegal without permission of the system owner. We do not authorize you to perform these exercises outside our lab environment. You must indemnify us against Damage we suffer or incur if you do so. If we provide you with links to other websites or services, accessing those links is at your sole discretion and risk. We do not review, endorse and are not responsible for such websites or services.

We exclude all warranties, conditions and other terms implied by law to the maximum extent allowed by law. We provide Site, Products and Materials “as is” and “as available” without warranty of any kind. We do not warrant that Site, Products or Materials (a) will be free of interruptions, delays, omissions, inaccuracies or errors or that any such thing will be corrected (b) will be available at any particular time or location (c) are free of viruses, worms, Trojan horses, email bombs, back doors or other harmful components (although we will implement reasonable measures designed to ensure Site, Products and Materials being are free of such items based on the nature and intended use of Products).

We will indemnify you against Damages you incur because of any claim that Product or Materials infringe the Intellectual Property Rights of a third party. This indemnity will not apply if Damages result from (a) the combination of Product or Materials with third party products or services (b) changes to Product or Materials other than by us (c) use of a version of Product or Materials if we have told you to use a later version (d) your breach of the Terms.

We can cure alleged or anticipated infringements of third-party Intellectual Property Right by (a) procuring the right for you to continue to use Product or Materials (b) modifying affected products or Materials so they become non-infringing without reducing performance or functionality (c) replacing affected Products or Materials with non-infringing items without reducing performance or functionality.

Our indemnification duties in this Section are subject to you (a) providing us with prompt notice of the claim (b) giving us control of the claim if we ask for it (c) co-operating at our expense in the defense or prosecution of the claim (d) not making any admission or trying to settle any claim without our prior written approval. You can participate in the defense of such claims through legal counsel of your choice and at your expense.

Neither party will be liable for Damages arising from failure to perform that party’s obligations due to circumstances beyond that party’s reasonable control. If those circumstances cause material deficiencies in a Product and continue for over 30 days, either party can terminate its obligations for the affected Product on notice to the other party.

We provide and you must use Products in accordance with applicable laws and regulations.

You must not obtain, keep, use, or provide access to any Product to an Affiliate, Product user or any other third party in a manner that may breach the export control or economic sanctions laws and regulations for any jurisdiction including the United States of America, the United Kingdom and the European Union and its Member States. You warrant that you are not (a) specially designated or sanctioned (b) affiliated with a specially designated or sanctioned person or entity, under any of such laws. You must not involve third parties that are subject to economic sanctions, including by submitting funds to us via sanctioned financial institutions when you deal with us or our Affiliates.

You must not use knowledge or expertise gained from Products in any illegal or unethical manner or to harm any person or entity.

If you are a Site visitor, the applicable Terms will apply for as long as you use our Site.

Otherwise, your agreement with us starts with effect from the date your Order is accepted by us and will stay in force until it is terminated in accordance with the Terms.

If you are entitled to use Product for a specific term, you cannot terminate your obligations during that term.

Your Order or online account management page will state if your Order is on a subscription basis and if so, the subscription period and the billing frequency. On expiry of each subscription period, your subscription will automatically renew for additional periods equal to your original subscription period unless terminated in accordance with the Terms.

We can suspend your rights in relation to Product if (a) we have the right to terminate such rights or (b) to protect our systems or security. Suspension will not affect any of our rights to later terminate your use of Products.

If you buy Products on a subscription basis:

• With a monthly subscription period, you can terminate your Order at any time by using your online account management page and following the instructions for cancellation or by giving us written notice.
• With any other subscription period, either of us can terminate your Order in the way specified in your online account management page or by giving to the other at least 30 days prior written notice to expire with effect from the end of the then current subscription period.

You will continue to have access to Products through to the end of your current subscription period. No refunds of the Price are given if you terminate part way through a subscription period.

Either party can terminate its obligations in relation to Product immediately on notice if the other party materially breaches the Terms and the breach (a) cannot be cured or (b) continues 30 days after the date the breaching party receives notice describing the breach and requiring it to be cured.

We can suspend or terminate your access to free Products, interactive Product features or Site at any time.

If you use Product under a Customer’s account that terminates, your right to use Product will also terminate automatically and without notice.

The Offensive Security “OffSec”  Code of Ethics stresses the importance of never compromising on impartiality, independence and integrity. Creating awareness on this is an important part of the OffSec certification program.

This Statement of Impartiality confirms OffSec’s commitment to ensuring that none of its assignments will cause any conflict of interest hampering the impartial business practices of OffSec.

To maintain impartiality in OffSec activities, OffSec adheres to the following guidelines:

• Business relationships which pose an unacceptable threat to impartiality  related to certification assignments will not be pursued by OffSec.
• OffSec will not outsource audits of its certification program to management-system consultancy organizations.
• Personnel who have provided management-system consultancy to a third party, including those acting in a managerial capacity, are not used to take part in an audit or other certification activities if they have been involved in management-system consultancy with the client in question within two years following the end of the consultancy.
• OffSec will consider taking appropriate action to respond to threats to its impartiality arising from the actions of other persons, bodies, or organizations.
• OffSec requires all certification-body personnel, either internal or external and committees who could influence the certification activities, to act impartially and not allow commercial, financial or other pressures to compromise impartiality.
• All personnel, internal and external, are required to disclose actual or potential conflicts of interest.

Notices

Notices of breach of the Terms by us must be given by email to legal@offensive-security.com attn General Counsel. Other notices to us must be given by email to orders@offensive-security.com. Notices to you will be given by email to any email address you provided to us in your Order or in your online account management page. Increase Notices may also be given through your online account management page.

Notices given by email to the correct email address will be deemed delivered when sent. Notices given through your online account management page will be deemed delivered when posted.

Survival of Terms

Terminating your rights to use Products will not affect your or our respective accrued rights and duties. The following sections of the Terms will survive termination: 2 (Definitions), 3 (Accepting the Terms) 12 (IP Ownership), 13 (Keeping our Products secure), 16 (Confidential Information), 17 (Your Data Privacy), 18 (Our liability to each other), 19 (What we are not responsible for), 22 (Complying with the law), and 25 (Miscellaneous terms).

Dispute Resolution

The Terms and disputes or claims about the Terms will be governed by the laws of the State of New York. Each of us consents to the non-exclusive jurisdiction of the federal and state courts located in New York City to settle disputes or claims about the Terms.

Nothing in the Terms prevents either of us from seeking an immediate injunction or similar remedy from any court of competent jurisdiction to prevent or restrain breaches of the Terms.

Changes

These terms and conditions can be changed by us from time to time and such changes will take effect when posted on Site. Your continued use of Product, Materials or Site constitutes your agreement to such changes. Assignment Without the other party’s prior written consent, neither of us can assign or transfer in any other way any right or duty under the Terms. We can assign the Terms (a) to an Affiliate (b) in connection with our or an Affiliates’ sale of a division, product or service (c) in connection with a reorganization, merger, acquisition or divestiture of us or an Affiliate or any similar business transaction.

Unenforceable Terms

If any non-fundamental Terms are illegal or unenforceable, those Terms will be deemed changed to the minimum extent necessary to make them legal and enforceable. Those Terms will be considered deleted if that change is impossible. Any change or deletion will not affect the validity and enforceability of the rest of the Terms.

Delays

If either of us delays or fails to exercise any right or remedy under the Terms, such delay or failure shall not constitute a waiver of that right or remedy.

Entire Agreement

The Terms contain the entire understanding between you and us about Site, Product and Materials and supersede all prior agreements or understandings, verbal or written. Each of us agrees that it has not relied on, and neither of us has any liability for, any representations not expressed in the Terms.