
Nov 1, 2023
November 2023 Content & Platform Update
Welcome to the OffSec November 2023 content update! Find the full scoop inside.
Introducing the OffSec Customer Research Panel — your chance to directly shape OffSec Learning Library and product suite with your feedback. A great opportunity for learners and subscribers to contribute insights and enhance the OffSec experience!
Streamline your team’s access with Single Sign-On via OpenID Connect (OIDC). This integration simplifies login processes, enhancing security and efficiency for Enterprise users. A seamless, secure way to manage team access to our learning resources. Learn more about how to get started here.
Easily transfer Learn Enterprise licenses among team members. Ideal for reallocating resources within your team, this feature allows admins to reassign active licenses to new learners as needed. Simple and flexible, ensuring your team’s learning never misses a beat.
Public Cloud Reconnaissance – External Probing
Available to Learn Enterprise and Learn Unlimited subscribers, this module teaches effective external probing in public cloud environments.
For Learn Enterprise and Learn Unlimited subscribers, this module guides on secure NGINX server configurations.
Hunting for Reflective DLL Injection
Available to Learn Enterprise and Learn Unlimited subscribers, focusing on identifying and mitigating Reflective DLL Injection.
This module for Learn Enterprise and Learn Unlimited subscribers provides a comprehensive introduction to incident response.
For Learn Enterprise and Learn Unlimited subscribers, detailing the structured approach to handling security incidents.
Available to Learn Enterprise, Learn Unlimited, and Learn Fundamentals subscribers, this module addresses the enforcement of robust access policies.
Insecure Deserialization for Developers
Offered to Learn Enterprise, Learn Unlimited, and Learn Fundamentals subscribers, focusing on secure coding practices against deserialization risks.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read