
Sep 1, 2023
September 2023 Content & Platform Update
Welcome to the OffSec September 2023 content update! Find the full scoop inside.
The OffSec Learning Library (OLL) continues to evolve nearly daily in response to the dynamic cybersecurity landscape. With each passing month, the OLL deepens in specialized knowledge and broadens in diverse cybersecurity topics.
This month, we’re proud to introduce a selection of 17 brand-new Learning Modules that further equip individuals and organizations with the most comprehensive and up-to-date cybersecurity learning resources available.
For those committed to building resilient software, these modules address common vulnerabilities and best practices:
- Credential Attacks for Developers
- Password Reset Vulnerabilities for Developers
- Cryptography for Web Developers
For those who specialize in identifying and exploiting vulnerabilities, these modules offer insights into advanced offensive techniques and the attacker’s mindset:
- Process Injection for Red Teamers
- Impairing Event Tracing for Windows (ETW) in User Mode
- Impairing Event Tracing for Windows (ETW) in Kernel Mode
- Windows Event Log Tampering Techniques
- Attacking Active Directory
- Hands-on SQL Injection with Python
- Firmware Analysis Basics
- Automated Firmware Unpackers
- Introduction to Embedded Systems
Navigate the complexities of cloud environments and continuous integration/continuous deployment with:
- Attacking CI/CD – Leaked Secrets to Poisoned Pipeline
- Attacking CI/CD – Insufficient Flow Control
- Attacking CI/CD – Dependency Chain Abuse
Sharpen your defensive skills and stay ahead of threats with modules focused on protection, detection, and response:
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read