The Value of SubscriptionsBy Jim O’Gorman

We recently announced our new subscription products, Learn One and Learn Unlimited, and we are really excited about the response they have received. These subscription products represent a change from…

New OffSec Training Library Subscriptions: Learn One and Learn Unlimited

WHAT IS THE NEW OFFSEC TRAINING LIBRARY ALL ABOUT? As part of our ongoing work to improve the quality and depth of course offerings at Offensive Security, we have created…

PowerShell Obfuscation

Topics: AMSI | Layer 0 Obfuscation | Breaking Down a Reverse Shell | Stepping Into the Gauntlet | Invoke-PSObfuscation.ps1 | Wrapping Up | Resources This blog post was originally published…

Learning how to hack has a long feedback loop.

Hacking is a different discipline compared to other things that you learn because there is a long feedback loop. In a traditional educational setting, we are used to receiving specific…

What’s New at OffSec – May 2021

Discord Server Updates Server Statistics It’s been nearly a month since we’ve migrated the community from our Rocket.chat self-hosted platform to Discord.  Before Rocket.chat closed, we had roughly 8200 users…

Introduction of Recently Retired OSCP Exam Machines in PWK Labs

Over the years our Penetration Testing with Kali Linux (PWK) course, previously known as Pentesting with BackTrack (PWB), has earned a reputation of being the de-facto standard for educational content…

eXtended Flow Guard Under The Microscope

Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called…

CVE-2021-1815 – macOS local privilege escalation via Preferences

Apple recently fixed three vulnerabilities in macOS 11.3’s Preferences. Although we also reported the vulnerability, it was first found by Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020). Here we presentour…

Intel CET In Action

As part of our continuous update cycles for our Advanced Windows Exploitation (AWE) class, we examine each new security mitigation and ensure we understand how it works and how it…

Understanding the tools/scripts you use in a Pentest

Earlier today a student shared with the infosec community that they failed their OSCP exam because they used a popular Linux enumeration tool called linPEAS. linPEAS is a well-known enumeration…