
Jul 24, 2012
Offsec BlackHat / Defcon Scavenger Hunt
Are you in Vegas for BlackHat and Defcon ? Are you desperately looking for Offensive Security schwag ? We are giving out Metasploit books, BackTrack Challenge coins and large sized BackTrack Decals in this years BlackHat and Defcon conferences. So, what exactly does one need to do to get these wonderful, sought after gifts ? It’s easy:
Are you in Vegas for BlackHat and Defcon ? Are you desperately looking for Offensive Security schwag ? We are giving out Metasploit books, BackTrack Challenge coins and large sized BackTrack Decals in this years BlackHat and Defcon conferences.
So, what exactly does one need to do to get these wonderful, sought after gifts ? It’s easy:
- Find the Offsec team member that looks like Ozzy Ozbourne. Convince him to show you the “5 minute warning“.
- Make muts an offer he can’t refuse… get him to give you one of his penguins.
- Find Johnny Long. Sing the Ugandan National Anthem to him (in Swahili). Record it on video.
- Collect 3 “Backtrack” or “Pain and Suffering” temporary tatoos. Apply them on your forehead.
- Show us your Spanking, brand new BackTrack 5 R3 pre-release, installed on physical hardware (not Virtual!).
- Take a picture of a group of 6 or more people wearing the Backtrack 2012 T-shirt.
- Get the signatures of the “Metasploit – The Penetration Testers guide” authors on your forearm.
- Find the Offsec gorilla. Take a picture of his special parts.
- Find an Exploit-DB member with a serial number. Submit an unpublished exploit to them in person.
- Find the Offsec Italian. Have him record you re-enacting a scene from the Godfather.
- Find the master-less samurai. Arm wrestle him.
Make sure you get a “completion voucher” from each one of your targets. You can redeem your vouchers during Defcon at the HFC booth. You better hurry though…prizes are limited to one per task. Let the games begin!
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read