
Feb 12, 2025
January 2025 Content & Platform Update
Welcome to the OffSec January 2025 content update! Find the full scoop inside.
As we step into another exciting year at OffSec, we’re thrilled to share the latest enhancements and additions to our offerings. January was a bustling month of growth and innovation, and we’ve made some fantastic updates to ensure your learning experience is more robust and rewarding than ever.
The new Content Overview Page provides a structured way to explore learning content. Access it from Explore, Search, or My Learning to see detailed descriptions, track progress, and navigate with new tabs.

Web Session Management with Java
Job Role: Software Developer
Duration: 600mins
Protecting Data
Job Role: IT Generalist, Software Developer
Duration: 120mins
Cloud Computing Network Forensics
Job Role: Digital Forensics Analyst
Duration: 240 minutes
Reflective Code Execution in Client Side Attacks
Job Role: Network Penetration Tester
Duration: 60mins
Information Gathering (Update)
Job Role: Network Penetration Tester
Duration: 1080mins
- CVE-2024-52309
- Lite (CVE-2024-48990)
- Bypass (Chain)
- Weather (Chain)
- Installer (CVE-2024-27622)
- Plant (this is our first SCADA/OT lab!)
- CVE-2024-51378 (Panel)
- ConfigMaster
- BitForge
- Clipper
- Silicon
- Pier
- Answers Application
- Fullmoon
- Wireshark and HTTP
- Wireshark and FTP
- Autopsy File Recovery
Ready to experience the full power of the OffSec Learning Library? Dive in today and explore our comprehensive training programs designed to elevate your cybersecurity skills.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read

Research & Tutorials
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection
Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.
Jul 3, 2025
2 min read

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read