
Jan 1, 2024
January 2024 Content & Platform Update
Welcome to the OffSec January 2024 content update! Find the full scoop inside.
In January, our cybersecurity learning library grew with significant enhancements. We rolled out the full Incident Responder Essentials Learning Path, meticulously designed to cultivate foundational skills for incident management. Additionally, the OffSec Cloud-Attack Learning Module introduces Learners to core offensive methodologies in cloud security.
Simultaneously, our first OffSec AI Learning Module provides a concise overview of AI’s evolution and its intersection with cybersecurity. Our commitment remains steadfast in delivering the most relevant and potent content, ensuring our Learners are equipped with cutting-edge knowledge in the ever-evolving field of cybersecurity.
Incident Responder Essentials Learning Path
The full Incident Responder Essentials Learning Path is now live on the OffSec Learning Library! For Learn Enterprise and Learn Unlimited subscribers, this learning path guides Learners through how to track, detect, isolate, mitigate, and report on incidents with a focus on tangible business impacts.
Examples of new Incident Response modules:
- Active Incident Containment
- Post Mortem Reporting
- Digital Forensics for Incident Responders
- Incident Eradication and Recovery
- Incident Response Communication Plans
- Incident Response Case Management
All of this month’s Build modules are available to Learn Fundamentals, Learn Unlimited, and Learn Enterprise Learners.
This module explains reading and writing files and sorting in the C programming language.
Scanning, Parsing, and Encoding in C
This module goes over scanning, parsing, and encoding data in C.
Secrets Management – Removing Hard-Coded Secrets
This module goes over an example application, teaching Learners to remove secrets hard-coded into the application.
Case Study: Dolibarr – The Dangers of Eval and Blocklist Validation
In this case study, Learners go over dangerous functions, practice their source code analysis skills, and review how attackers can bypass blocklist validation.
Public Cloud Reconnaissance – Post-Compromise Exploration – IAM
OffSec’s first Cloud-based Attack module is available via the Learn Enterprise and Learn Unlimited subscriptions.
This Learning Module teaches the essential skills for dissecting reconnaissance and enumeration techniques post-initial CSP account breach.
Available to all OffSec Learners, Background to Contemporary AI marks OffSec’s initial artificial intelligence training module, with more on the horizon.
This module covers the history of AI and the link between cybersecurity and AI, providing the Learner with an understanding of how AI came to be and how it is currently used in cybersec.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read