
Aug 28, 2024
August 2024 Content & Platform Update
Welcome to the OffSec August 2024 content update! Find the full scoop inside.
This month, we’re excited to bring you a sneak peek of new functionality for Custom Learning Paths, a Learner Dashboard improvement, and numerous new machines. Let’s dig in!
You saw it here first! We will soon be releasing Machines in Custom Paths and a Machine Page. A lot of effort has gone into this release, and we’re eager to hear your feedback once this functionality is live.
What does this entail? Enterprise admins can now add labs (single hosts or chains) to Custom Learning Paths.
Stay tuned to find out more about this functionality and when will it be live!
We’re excited to release an improvement to the Learner Dashboard!
You will now see any ongoing tournaments or upcoming scheduled exams directly on your Dashboard, ensuring you receive timely reminders as soon as you log into the platform.
This update was driven by survey feedback from you, our learners! The Dashboard will continue to evolve based on usage and suggestions, so please feel free to join our research panel to provide feedback!

We have new sets of Offensive Cyber Range, Defensive Cyber Range, and Proving Grounds Practice machines available!
OCR:
- CVE-2024-27292
- CVE-2024-1561
- CVE-2024-3104
- Serialrunning
- Fired
- CVE-2024-4367
- CVE-2024-5452
- (Retired OSCP VMs x 72)
DCR:
- Intro To Wazuh
- Wazuh Suricata Intergration
- Wazuh Archives Intro
- Intro To Splunk
- Splunk Suricata Integration
PG Practice:
- Serialrunning
- Fired
- Onfire
- Droopy
Next month we’re going to be able to share even more content, a new certification, and bookmarking! So, stay tuned!
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read