
Mar 3, 2025
February 2025 Content & Platform Update
Welcome to the OffSec February 2025 content update! Find the full scoop inside.
We’re excited to share the latest updates and new content that have enhanced our platform in February, designed to enrich your learning experience!
Team Admins will now have access to the Team Achievements page and get a unified view of collective progress, milestones, and successes.
By having all achievements in one place, you can easily track team performance, celebrate accomplishments, and identify opportunities for growth.
We have introduced a Team Achievements page under the Admin Console which offers you as an Admin, 3 different ways to view data, with various filters to help you find the information that you need:
- By achievement
- By Job Role
- By Individual
This will enable you to celebrate success as it allows you to see clearly what each individual has managed to earn. You will also be able to identify individuals that you need to help out and, most importantly, get a better understanding of your organization’s cyber coverage.
Kubernetes has become the industry standard for container orchestration in today’s cloud-native landscape. This foundational learning path introduces cybersecurity professionals to the essential concepts and practices needed to work with containerized applications and those getting started in cloud security. Learners will:
- Develop a practical understanding of Kubernetes architecture and core components
- Gain hands-on experience with basic deployment and management techniques
- Learn fundamentals of secrets management using HashiCorp Vault
- Explore common security considerations including exposed Kubernetes dashboards
Cloud automation has revolutionized how organizations deploy and manage infrastructure, but it has also introduced new security challenges through potential misconfigurations. This learning path provides security professionals with foundational knowledge of cloud automation techniques, their security implications, and strategies to prevent common misconfigurations. Learners will:
- Develop a practical understanding of DevOps processes and CI/CD pipelines
- Gain hands-on experience with Infrastructure as Code (IaC) using Terraform
- Learn to identify and exploit common CI/CD vulnerabilities and misconfigurations
- Build skills to implement secure automation practices in cloud environments
Investigate and analyze digital devices and data to uncover evidence related to a cyber incident. Understand how a hack, data breach or other malicious activity happened, identify attackers and collect evidence that can be used in legal proceedings. Learners will:
- Understand core principles of forensics and evidence handling procedures
- Practice executing forensic analysis on various types of digital evidence
- Use network forensic tools to trace attacks across networks, cloud-native applications, Windows devices and more
- Duration: 120mins
- Job Role: IT Generalist, Software Developer
Cloud Computing Network Forensics
- Duration: 240mins
- Job Role: Digital Forensics Analysts
Reflective Code Execution in Client Side Attacks
- Duration: 60mins
Information Gathering (Update)
- Duration: 1080mins
Phishing Basics
- Duration: 100mins
- Installer (CVE-2024-27622)
- Plant (this is our first SCADA/OT lab!)
- CVE-2024-51378 (Panel)
- ConfigMaster
- CVE-2025-21298
- One (CVE-2024-54309)
- ExCalibur (CVE-2024-6781)
- AImagery
- CVE-2024-42360
- Agent (CVE-2024-48050)
- QueryGenius
- Browsershot
- Answers Application
- Challenge Lab 4 – OSCP A (update)
- Challenge Lab 5 – OSCP B (update)
- Challenge Lab 6 – OSCP C (update)
- Wireshark and HTTP
- Wireshark and FTP
- Autopsy File Recovery
- Intro to file types and the file utility
- Fundamentals of Volatility
Ready to experience the full power of the OffSec Learning Library? Dive in today and explore our comprehensive training programs designed to elevate your cybersecurity skills.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read