Q3 Community Update | OffSec Academy, New Content, Giving Program

Oct 14, 2022

OffSec

OffSec

Content Team

Latest News

Since our update last quarter, so much has happened! We are excited to share all of the new features, products, services, and events that have occured this last quarter. This blog will update you on how OffSec supports and informs students transitioning into cybersecurity training and beyond through collaboration with organizations, community events, live streams, and much more.

Giving Program

We are pleased to announce that our Giving program has a new name: CyberDiversity in Action! Representing how the company supports non-profits, organizations and foundations focused on bridging the diversity gap in cybersecurity and information security worldwide. The program provides orgs free PWK courses to help individuals from under-represented groups such as women, blacks, LGBTQIA+, Latinx, low-income, disabled, and indigenous people the opportunity to enter the field of information security and thrive. OffSec is proud to present the new logo for the CyberDiversity in Action, as it will help organizations identify the cause of the giving program.  We thank our community for your hard work and dedication, ensuring everyone has a chance to work in cybersecurity.

Conferences and Community Events

The OffSec team has attended and/or sponsored the following conferences over the last quarter:

• BSides Charlotte, NC
• ThreatCon
• Women in Cybersecurity Middle East
• Red Team Village
• Blackhat 2022 Conference, Las Vegas, NV
• Adversary Village Panel at DefCon, Las Vegas, NV
• 502 project

OffSec has been very vocal in the cybersecurity community and supports many groups within the information security community with education, mentorship, and resources.  OffSec sponsors organizations that create opportunities for the community to grow their networks and leverage information security to advance their careers.

We sponsored the BSides Charlotte conference in North Carolina, US, with free OSCP vouchers and a hackers conference called ThreatCon, giving people the opportunity to enter the cybersecurity field. The Women in Cybersecurity Middle East group dedicated to increasing women’s participation in cybersecurity received OSCP vouchers for their upcoming CTF event in November as a prize for the winning team. We supported another CTF event hosted by a content creator named Alh4zr3d.

OffSec has also sponsored the Red Team Village (RTV). This organization provides workshops in offensive security and CTF events to professionals in the community with OffSec vouchers. We are proud to be a part of the community we serve.

August was an exciting time for our team members with the annual summer hackers camp in Las Vegas, USA.  Ethical hackers and cybersecurity professionals from around the world gathered at the famous hacking conference at Blackhat.  Over the four days, cybersecurity professionals received excellent training at our sold-out in-person courses on Advanced Windows Exploitation (AWE) and Penetration Testing with Kali Linux taught by OffSec’s expert instructors. Attendees also had the opportunity to speak with the community team members at the booth to ask technical questions and receive some swag.  OffSec’s speaker, TJNULL, joined the Adversary Village panel of speakers at the biggest hacking conference in the world, DefCon, to share the preparation guidelines for the OSCP/PWK PEN-200 course with the community.  Thanks to our exceptional group of trainers, speakers, and team members for engaging and providing information to a wide range of people interested in information security.

OffSec has responded to the growing need to prepare the next generation of cybersecurity professionals. Over the summer, OffSec collaborated with the 502 Project, which allows high school students to explore the field and learn cybersecurity principles to consider furthering their studies after graduation. We want to thank our two community moderators, Tristam and Omeganeth, for speaking to the students in a cyber panel about their careers and why they got into cybersecurity at the Cyber summer camp at Miami Senior High School earlier this summer.

Online Events

The OffSec community provides a space online for people to share information, host discussions, podcasts, and even contests and giveaways by moderators:

OffSec Academy:

PEN-200 offers weekly live Zoom sessions on Penetration Testing with Kali Linux to students registered in the PWK course. The Academy is facilitated by OffSec instructors to enhance students learning experience as they prepare for the OSCP exam. OffSec Academy airs every Wednesday at 12PM ET via Zoom for those registered for the PEN-200 course, including alumni. Take part, get more value out of the course, speak with instructors, and connect with former students. Register for the OffSec Academy: PEN-200 training stream sessions on Zoom.

OffSec LIVE

is a series of free streams that cover a variety of OffSec’s courses and general topics for students and the public. Expert instructors will provide review sessions and brief demonstrations on each course offered by OffSec. Other subject areas taught include how to break into a career in cybersecurity, which certificate to select, and resume writing tips, to name a few. These sessions provide additional opportunities for students to develop leadership skills, communication, and networking, all while gaining valuable employment skills.

OffSec LIVE airs every Friday at 5PM ET on Twitch for anyone interested in considering a career in cybersecurity, students and alums. Take advantage of this valuable opportunity and join the conversations with our instructors and connect with others to gain preparedness for your career in cybersecurity. Check out our next session.

Office Hour

This quarter we have tried something a little different for the online community on the Discord server. In addition to streaming the Office Hour on Discord, it is now available for a live stream on the Twitch channel. Closed captioning is available on the Twitch channel for those whose English is their second language.

Our student companions at Offensive Security provide online contests and extracurricular activities. On the OffSec Discord server in August, moderators set up a BBQ and recipe competition for users in the #food-and-recipes channel. Five winners were selected for submitting the best recipes and got some OffSec swag.

New Subreddit

OffSec has entered the Reddit space with the launch of the r/offensive-security subreddit as a forum that provides additional help and support for the online community. The subreddit is a forum that allows people to share personal experiences, coping strategies, and tips along with direct interaction with OffSec staff.

Podcasts

OffSec presents a wide range of podcast interviews to provide the community with some foundation skills for listeners to learn how cybersecurity works. The latest episodes cover how our staff members started their careers in information security. Click here to listen to Jim O’Gorman, OffSec, and Dave Kennedy, Founder of Binary Defense and TrustedSec talk about how to build a successful career in cybersecurity. In another podcast session, FalconSpy talks about how he entered the cybersecurity field as an Internal Pentester and the differences between internal and external pentesters, consulting, and compliance audits.

OffSec’s community manager, TJNULL, shares the top three areas people should focus on when getting started in cybersecurity or even switching career paths in an interview with The Red Team Village. Click here to listen to the full interview.

Join the ITSP magazine interview with TJNULL and hacker Philip Wylie, The Hacker Factory, as TJNULL shares his journey in the Pentesting field and discusses professional hacking. Click here to listen to the full interview on the Podcast.

Kali Linux

August 2022 had Kali Linux’s third update of the year. Highlights of this release include Test Lab Environment in-built directly into Kali, making more repositories open, and putting out requests to help Kali and other open-source projects.  As always, there are the usual package updates and new tools (5 this time)!

There were a few other changes that went on behind the scenes.  The top 3 were: How virtual machines are created has changed, more devices that are supported with Kali NetHunter in preparation for Andriod 12, and network mirror maintenance. Read the blog post for the rest.

Would you like to connect with other ethical hackers in the Kali space?

Kali Linux has a new Discord Server called Kali Linux & Friends for professionals and students interested in Kali Linux, Exploit-DB, and VulnHub. This new platform allows the Kali community to engage and learn alongside other students and professionals from different countries with life experiences resulting in being part of a community. Developers will stop by to chat and answer any questions about new features–enriching your education in many ways. Connect with others, learn and share in the latest Kali Linux & Friends Discord Server.

OSCP Exam

Breaking news! As of August, students can gain extra points for the OSCP exam without submitting a lab report and with fewer restrictions on which machine can or cannot be included. Offensive Security has introduced a simpler way for students to show proof of knowledge acquired during the course and progression.

Extra bonus points can be achieved by:

• Achieve 80% correct answers for each Topic for the PEN-200 Topic exercises
• Submit the proof.txt of at least 30 PEN-200 Lab Machines

All requested after the exam is the traditional exam report, and you are all set. Check out the current rules and the benefits of the new system.

Content and Labs

We are excited to share our latest updates to some courses and the learning portal. We have added new Topics and challenges to provide more value for our student’s learning experience. Updates include:

• CLD-100 New Topics

  • We’ve released CLD-100 with eight new Topics:
  • Introduction to CLD-100
  • Cloud Architecture Overview
  • Containers for Cloud I
  • Containers for Cloud II
  • Introduction to Kubernetes I
  • Introduction to Kubernetes II
  • Discovering Exposed Docker Sockets
  • Discovering Exposed Kubernetes Dashboards

• EXP-100 New Topics

  • We’ve released EXP-100 with four new Topics:
  • Introduction to x86-64 (Intel) Assembly, Part I
  • Introduction to x86-64 (Intel) Assembly, Part II
  • Introduction to ARM Assembly, Part I
  • Introduction to ARM Assembly, Part II

• Other 100-Level Content

  • We’ve also released the following Topics:
  • Storage Devices and Disk Imaging
  • Understanding Directory Traversal
  • Introduction to Network Firewalls
  • Incident Triage
  • Introduction to Cyber Security

• SOC-200 Challenge Labs

  • We’ve released two SOC-200 challenges for students to apply practical theory and skills learned during the course.

That’s a lot of new content for a single quarter! This is our way of ensuring OffSec training remains fresh and the value of your subscription to the OffSec Learning Library is high.

IT:

• Dark Mode

  • OffSec’s training library is now available in dark mode, making it easier on the eyes of the students while learning. Research shows that IT professionals prefer the dark mode because it is less straining on the eyes, better code syntax highlights the color in the code editor and increases concentration.

• B2B & B2C Flex Upgrades

  Offensive Security supports enterprises and organizations of all sizes with a flexible training program. Members can train their staff on their schedule based on their specific needs. Since August, Flex customers and individual businesses will be able to upgrade their subscriptions from:

  • Learn Fundamentals to Learn One
  • Learn Fundamentals to Learn Unlimited
  • Learn One to Learn Unlimited

• B2B individual License Upgrades

  Offensive Security has expanded its services to allow Enterprise customers to upgrade their Learn Fundamentals and Learn One subscriptions, including:

  • Upgrades from standalone courses to Learn One (within the same main course) or Learn Unlimited.
  • Allowing B2B master admin to upgrade individual licenses

  Contact your account manager to learn more about upgrading a business subscription.

Look out for our OffSec Academy trainers at the Blackhat Middle East and Africa event on 15th – 17th November 2022 at the Riyadh Front Expo Center.  Our trainers will provide the best training and certifications in the industry, such as windows exploitation, web attacks with Kali Linux, Pentesting with Kali, Security Operations and Defensive Analysis. Click here for more information on all the Offensive Security training at the expo.  We hope to see you there!

Do you have any questions on which certificate to take next?  Want to learn how to be interviewed?  Join the community and ask the experts during our weekly OffSec LIVE streams at 5 PM ET or post a question on our Subreddit.