Blog
Research & Tutorials

Advanced Persistent Threats: OffSec’s Comprehensive Guide
Explore key strategies to safeguard against Advanced Persistent Threats (APTs), focusing on prevention, response, and recovery in cybersecurity.
Nov 28, 2023
7 min read

Research & Tutorials
In the Hunt for the macOS AutoLogin Setup Process
OffSec’s Csaba Fitzl shares how he reverse-engineered the macOS auto-login process, including the walls he hit, and the times he resorted to trial-and-error approaches.
Sep 23, 2022
14 min read

Research & Tutorials
Introduction to Car Hacking: The CAN Bus
The CAN bus (Controller Area Network bus) is a central network over which a vehicle communicates with its components. A vehicle has many functions that operate via electrical signals: door locks, a speedometer, a gas gauge, controls for the brakes, controls for the gas pedal, and many, many more.
Aug 1, 2022
21 min read

Research & Tutorials
Start Studying Security with SQLi
We previously explored how Cross-Site Scripting (XSS) makes for an excellent topic to understand the reach and impact of hacking. In this post, we’ll build on that conceptual understanding and try to help non-technical folks understand one of the core issues of information security: the fundamental ambiguity of code and data.
Jul 12, 2022
8 min read

Research & Tutorials
Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
TJ shows us how adversaries use macro weaponization techniques to abuse hidden functionalities contained in Office document properties.
Jun 30, 2022
9 min read

Research & Tutorials
What is XSS
OffSec’s Jeremy Miller helps cybersecurity professionals explain hacking to laypeople using the Cross-site Scripting (XSS) vulnerability.
Apr 26, 2022
1 min read

Research & Tutorials
IRQLs Close Encounters of the Rootkit Kind
Content developer Matteo Malvica walks us through IRQLs and how hardware interrupts can be abused.
Apr 11, 2022

Research & Tutorials
Introduction to Game Hacking
Explore our guided introduction to game hacking. Learn how data in memory can be manipulated to achieve results that are outside the normal program design.
Feb 23, 2022

Research & Tutorials
Microsoft OneDrive for macOS Local Privilege Escalation
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.
Jan 31, 2022
9 min read

Research & Tutorials
Pythonizing Nmap
Tristram (aka gh0x0st) shares some tips for using Python to automate Nmap and other parts of your penetration testing process.
Nov 9, 2021
45 min read

Research & Tutorials
PowerShell Obfuscation
In this article, community moderator Tristram (gh0x0st) shares an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.
Aug 23, 2021
20 min read

Research & Tutorials
Learning how to hack has a long feedback loop.
How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.
Aug 11, 2021
3 min read

Research & Tutorials
eXtended Flow Guard Under The Microscope
Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).
May 18, 2021
8 min read