We are aware of an unfortunate situation where a student has threatened to leak answers to our OSCP exams. This is counterproductive and disappointing, hurting both past & current students. We take the integrity of our exam process seriously & will do everything to protect it.
The development of a new Windows 10 1809 Kernel ASLR Bypass.
Grab a cup of coffee and buckle in, you will want to read this one all the way. A previously undocumented KASLR bypass as part of our course development process.
We want to thank the community for the strong support today. It’s humbling, thank you. Rest assured that we are taking measures to make sure the integrity of the OSCP stays strong. The leaked machines are out of rotation and no exam takers are impacted. We will continue updating.
The newest pentesting training course from Offensive Security is here! In Evasion Techniques and Breaching Defenses, learn advanced methods for avoiding detection and launching impactful attacks 👩🏾💻
Learn more:
So...you know that PWK update everyone's been asking for? IT'S HERE!
We've overhauled the prep course for the OSCP exam, adding more than 2x the content and 33% more lab machines. Get info plus FAQs in this blog post:
📣 Kali Linux 2022.1 is here, the first release of the new year!
Updates include:
☞Visual refresh
☞Shell prompt changes
☞VMware i3 Improvements
☞New tools
Learn more:
🚨 New Release Alert: Kali Linux 2021.3🚨
Updates include⚙️:
⇢ OpenSSL
⇢ New Kali-Tools site
⇢ Better VM support in the Live image session
⇢ New tools
⇢ Kali NetHunter smartwatch
⇢ KDE 5.21
Learn more:
After years of selling out at events all around the world, often in a matter of minutes, everyone can now register for AWAE online and experience what makes this class so popular.
Online signups are now open to the public!
#TryHarder
#offsec
#AWAE
Take a step toward securing your infosec career or advancing to the next level. Penetration Testing with Kali Linux teaches the foundational penetration testing skills required to earn your OSCP certification:
*taps mic* Ready for our next announcement?
Introducing individual labs for Proving Grounds, our virtual pentesting training network. Try Play for free, or upgrade to Practice for unlimited time. Learn more:
So
@CSCGlobal
is doing take down requests on
@ExploitDB
for any entry that contains the string “IBM” on behalf of
@BSAnews
and
@IBM
. Very interesting.
Anyone want to place bets on how this is going to turn out?
At long last, we are pleased to announce the availability of the AWAE certification: Offensive Security Web Expert (OSWE) !
Once you finish the online AWAE course, this test of your abilities will be waiting for you.
#offsec
Imagine a world where OSCP prep didn’t have to be stressful, and you had more time to prepare.
Behold the new PWK365 (with 2x the value)! Get 365 days of lab access and 2 exam attempts:
Many of us on the team wrote a kali training book then put it free online at .
You can use that fee material to prepare for the KLCP, and ensure you have the background on kali you need for PWK/OSCP.
To
@offsectraining
I am wondering what the easyis way to learn
@kalilinux
is at a minimal cost to me. I recently started a masters in cyber security and would like learn some tools that might not be covered in my classes I have been interested since the backtrack days
Changes to the OSCP exam structure are coming soon.
These changes will better reflect the current PWK materials and, most importantly, the skills needed to be a successful information security professional in today's landscape.
Learn more ➡
.
@kalilinux
has dropped a new release!
Updates:
🟣 Internal Infrastructure - Major stack changes are underway
🟣 Kali Autopilot - An overhaul of the automation attack framework
🟣 9️⃣ new tools
What an exciting time in OffSec land!
Kali turned six years old, just wrapped up an amazingly successful live PWK training in Tokyo, Black Hat Asia live trainings just about to happen (
#BHASIA
), and some HUGE news coming early next week you are all going to love!
#TryHarder
We have an announcement about our Cracking the Perimeter course. CTP will be retired this year, with the last date for purchase being October 15, 2020. Please read our update for info about what's happening and why:
🚨 New announcement🚨
OffSec has launched a podcast! In our first episode experts TJ Null, FalconSpy, and Jeremy (Harbinger) share the lesser-known ways to navigate PWK (PEN-200) in preparation for the OSCP certification:
We're excited to announce a new way to learn with Offensive Security: OffSec Academy, a new 90-day interactive virtual training and mentoring program for infosec professionals.
Find out more:
Whenever we retweet a student success story we are always pleased to see the community response of support and congratulations that ensues. This feeling of camaraderie that you all demonstrate is humbling.
Our classes are hard. But this is proof you can “Try Harder” and succeed.
We’ve updated AWAE with 50% more material, including:
✔️ XML external entity injection
✔️ Weak random token generation
✔️ DOM XSS
And more. Students currently in the course update for free! Explore the update:
It is important to understand not only the requirements but also the restrictions for the OSCP exam.
Since the exam evaluates your skills in a real-world environment, automated exploitation tools are not allowed. Here's more on exam restrictions:
We have decided to make the OSWE (WEB-300) sale pricing permanent so that web app security training remains affordable in 2021. Develop the skills to exploit web app vulnerabilities at a lower price:
.
@kalilinux
will be 1️⃣0️⃣ years old on Monday, March 13th! Join the celebration with office hours, an AMA, and a Puzzle Challenge.
☞ Kali Linux & Friends Discord:
☞ Reddit:
☞ 🧩 Challenge: coming 🔜
If you need a ramp up into Kali before taking PWK, check out Kali Linux Revealed. This is a free course developed by the creators of Kali Linux, which offers a professional certification:
We're excited to introduce the Kali NetHunter App Store, a new Android store dedicated to free security apps. Find out how you can participate in the public beta:
The newest exploit development course from Offensive Security is here 🦊 ! In Windows User Mode Exploit Development, you’ll learn how to create custom exploits, bypass security mitigations, and reverse-engineer bugs.
Explore the course:
Pentesting tip: if you're using qterminal in Kali Linux, you can enable "Unlimited History" in the Behavior preferences. This will allow you to scroll back through history on the current terminal prompt you're using.
Following its 10-year anniversary release,
@kalilinux
2023.2 is now here!
Highlights since March:
🟦 New VM image for Hyper-V
🟦 Xfce audio stack update
🟦 i3 desktop overhaul
🟦 GNOME 44
🟦 Menu updates and new tools
Are you Interested in pursuing a
#cybersecuritycareer
?
OffSec's Jeremy Miller, Busra Demir, and S1REN provided helpful advice and insights on how to break into
#cybersecurity
.
Watch the full OffSec Live session:
We analyzed a scenario where a malicious user can exploit a vulnerable web app using the following methods: Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).
We're proud to announce the details of the OffSec Giving Program today.
To start out, we're partnering with
@marcusjcarey
, with additional generous support from his employers at
@reliaquest
. Learn more:
In this post, community manager Tony Punturiero (
@TJ_null
) shows how to use PowerShell on Kali Linux to obtain initial access with PSSession on Windows and Linux.
We’re closing 2019 with a special gift for our students and colleagues: AWAE is on sale for $999 (regular price: $1400)! Includes 30 days of lab time and exam fee. Explore the course and register:
The OSCP is based on penetration testing skills – but why take the foundational course, Penetration Testing with Kali Linux (PWK/PEN-200), if you don’t plan to become a penetration tester?
Build your own home lab with this extensive guide from
@tj_null
. He covers the why and how, offers points of consideration, and shares his top resources. Check it out:
Although our exams have a minimum age requirement of 18, we may waive it in a few, select cases. Mihai is one of those cases. Meet a student who holds the OSCP at age 16!
"I believe that automation is crucial for some aspects of a penetration test...Allow me to show you various ways you can enhance your workflows by incorporating Python into your Nmap processes."
Let's Pythonize Nmap with guidance from Tristram (gh0x0st):
What a week!
The release of AWAE online () (Thanks to all the beta testers, you are the best!) and the release of a new KASLR Windows 10 bypass ()!
Told you it was going to be an exciting week.
Next week,
#BlackHatAsia
!
If you're at the beginning of your pentesting journey, you may have come across a book called The Pentester's Blueprint. Infosec professional
@DanielMiessler
shared his review:
Samuel Whang didn't have any background in penetration testing starting the journey to the OSCP exam. In this guest blog post, he shares the philosophical approach and mindset that took him from zero experience to certified OSCP.
If you've ever wanted to create vulnerable machines for OffSec, here's your chance. Today we're launching a new program that welcomes the community to submit boxes - and get paid. Find out more:
🔴 Lab and Topic demonstrations.
🔴 Student cohort-based interactions.
Experience a new learning journey with OffSec Live, a free program that will maximize your chances of earning the
#OSCP
.
📍 Twitch, Discord
ℹ️ Learn more:
OffSec student
@0xklaue
wrote this review of Advanced Web Attacks and Exploitation and the OSWE exam. Find out how to prepare and what you need to know.
Happy 10th birthday,
@kalilinux
🎂! Join the celebration with office hours, an AMA with our team of developers, and an exciting Puzzle Challenge.
☞ Kali Linux & Friends Discord:
☞ Reddit:
☞ Puzzle Challenge: Details coming 🔜
We’re bringing back the big year-end sale on AWAE...and making it bigger! Get the course, an exam attempt, and 30, 60, or 90 days of lab time starting at $999. Offer ends Dec 31, 2020. Explore the course:
These three certifications complete the OSCE³:
→ OSWE
→ OSEP
→ OSED
Thinking about purchasing multiple products? Contact us to get a discount on bundled courses: