
Oct 1, 2023
October 2023 Content & Platform Update
Welcome to the OffSec October 2023 content update! Find the full scoop inside.
This month, we’re excited to unveil 6 additional modules to the OffSec Learning Library. With clear, in-depth content, these resources cater to a spectrum of expertise, offering practical insights for every security learner.
Available to Learn Enterprise & Learn Unlimited subscribers, this module goes beyond pen testing and offers training for folks who want to adopt an offensive mindset.
Available to Learn Enterprise and Learn Unlimited subscribers, this module helps learners automate the process of tampering with event logs for testing and security research purposes.
Available for all Learn subscriptions, this module is great for junior defensive team members.
Available to advanced Learn Enterprise and Learn Unlimited subscribers, this module helps advanced blue teams set up and manage existing environments.
Available with any Learn subscription, this module is the first of many mobile training modules that support the growing risk landscape via mobile devices.
Available with any Learn subscription, Logging and Monitoring helps software development teams identify vulnerabilities, detect unauthorized access, and respond to security incidents in real-time.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read