Research & Tutorials | OffSec

Research & Tutorials

OffSec experts share cutting-edge vulnerability research, tool reviews, tutorials, virtual lab and content walkthroughs.
Microsoft OneDrive for macOS Local Privilege Escalation

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.

Jan 31, 2022

9 min read

Pythonizing Nmap

Tristram (aka gh0x0st) shares some tips for using Python to automate Nmap and other parts of your penetration testing process.

Nov 9, 2021

45 min read


PowerShell Obfuscation

In this article, community moderator Tristram (gh0x0st) shares an approach to scripting payload obfuscation in PowerShell in order to evade AV and AMSI detection.

Aug 23, 2021

20 min read

How we Teach Hacking

Learning how to hack has a long feedback loop.

How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.

Aug 11, 2021

3 min read


eXtended Flow Guard Under The Microscope

Microsoft continues to expand and evolve the set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).

May 18, 2021

8 min read


CVE-2021-1815 – macOS local privilege escalation via Preferences

Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.

May 6, 2021

6 min read


Intel CET In Action

In this article, we’ll examine how effective CET is at mitigating real-world exploits that rely on ROP or stack-based buffer overflow vulnerabilities.

Apr 29, 2021

9 min read


Microsoft Teams for macOS Local Privilege Escalation

Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.

Nov 17, 2020

13 min read


How to Build a Cybersecurity Homelab

Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.

Sep 23, 2020

19 min read


AMFI syscall

Csaba Fitzl covers the dyld restriction decision process in macOS and a previously undiscussed and undocumented AMFI (AppleMobileFileIntegrity) system call.

Jun 9, 2020

25 min read


macOS Kernel Debugging with SIP

As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different. There are many great

May 12, 2020

9 min read


Analyzing a Creative Attack Chain Used to Compromise a Web Application

In this piece, we’ll analyze a creative scenario in which a malicious actor chains Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE) to compromise a web application.

Sep 3, 2019

5 min read


Yahoo DOM XSS 0day – Not fixed yet!

After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo’s fix is not as effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof-of-concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account. The victim has to be lured into clicking a link containing malicious XSS code for the attack to succeed. This is demonstrated in the video we created this morning (Jan 8th, 2013) after Shahin kindly shared the proof-of-concept code with us.

Jan 8, 2013

1 min read