Become a Partner
Add OffSec to your list of training providers
Partner with usOffSec's new course and certification helps open doors to an exciting cybersecurity career.
Blog
Jan 31, 2022
9 min read
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft OneDrive. Here’s how it works and how to secure it.
Research & Tutorials
Tristram (aka gh0x0st) shares with us some tips for using python to automate nmap and other parts of your penetration testing process.
Nov 9, 2021
45 min read
Research & Tutorials
In this article, community moderator Tristram (gh0x0st) shares with us an approach to scripting payload obfuscation via PowerShell in order to avoid AV and AMSI detection.
Aug 23, 2021
20 min read
Research & Tutorials
How do we learn hacking? What is OffSec’s teaching philosophy? We answer these questions and many more in our How We Teach Hacking webinar.
Aug 11, 2021
3 min read
Research & Tutorials
Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called eXtended Flow Guard (XFG).
May 18, 2021
8 min read
Research & Tutorials
Apple fixed three vulnerabilities in macOS 11.3’s Preferences. Here we present our writeup about how we identified one of the issues, and how we exploited it.
May 6, 2021
6 min read
Research & Tutorials
In this article, we’ll examine how effective CET is at mitigating real-world exploits that make use of ROP or stack based buffer overflow vulnerabilities.
Apr 29, 2021
9 min read
Research & Tutorials
Security researchers at Offensive Security discovered a vulnerability in the XPC service of Microsoft Teams. Here’s how it works and how to secure it.
Nov 17, 2020
13 min read
Research & Tutorials
Build your own home lab with this extensive guide from TJnull. He covers the why and how, offers points of consideration, and shares his top resources.
Sep 23, 2020
19 min read
Research & Tutorials
Csaba Fitzl covers the dyld
restriction decision process in macOS and a previously undiscussed or undocumented AMFI (AppleMobileFileIntegrity) system call.
Jun 9, 2020
25 min read
Research & Tutorials
As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different. There are many great
May 12, 2020
9 min read
Research & Tutorials
In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).
Sep 3, 2019
5 min read
Research & Tutorials
After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo’s fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account. The victim has to be lured to click a link which contains malicious XSS code for the attack to succeed. This can demonstrated by the video we have created just this morning (Jan 8th, 2013) after Shahin kindly shared proof of concept code with us.
Jan 8, 2013
1 min read