
Dec 1, 2023
December 2023 Content & Platform Update
Welcome to OffSec’s yearly recap for 2023! Find the full scoop inside.
As we bid farewell to 2023, let’s take a moment to reflect on the phenomenal year we’ve had at OffSec. It’s been an incredible journey of growth and learning in the realm of cybersecurity education.
- OffSec’s brand refresh: We embraced a new identity this year, rebranding as “OffSec.”Our new logo and visual style not only symbolize our growth but also our unwavering commitment to nurturing top-tier cybersecurity talent.
- Expansion of the OffSec Learning Library: We introduced 144 new and 155 updated modules, adding more than 1.1 million words to our library, 175 videos, and broadening our curriculum to include skills in defensive security, cloud security, and secure software development. We also refreshed our flagship course, Penetration Testing with Kali Linux (PEN-200.)
- Learn Enterprise: 2023 marked the debut of Learn Enterprise, offering comprehensive training resources and lab access, tailored for corporate teams to stay ahead in cybersecurity.
- OffSec Cyber Range: A new, dynamic training platform that offers training for both red and blue teams, enabling practical learning in a controlled, realistic environment. In 2023, we deployed 95 OCR Red Machines, and 48 OCR Blue Machines to support enterprise teams with hands-on cybersecurity experiences with exciting new updates to come next year.
- Kali Linux enhancements: Our continuous effort to refine Kali Linux saw multiple updates, introducing new tools and features to keep you at the forefront of cybersecurity tools and practices.
Curious to learn more about our achievements and the exciting developments at OffSec? Check out our detailed blog post, “OffSec’s 2023: A Year of Holistic Cybersecurity Education and Strategic Growth.” It’s a comprehensive look at our year’s highlights and future aspirations.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read