Domain: offensive-security.com
Stories and comments across the archive that link to offensive-security.com.
Comments · 10
-
classes
-
Re:certs
CISSP teaches you NOTHING about pen testing. If you want to really learn, go here: https://www.offensive-security... It's good and cheap.
-
Re:Over a decade
umm...do you remember the Windows cursor exploit? It was basically an unchecked buffer between the Win32 and NT kernel APIs that allowed a specifically crafted cursor file to run privileged code on the user's system. Since custom cursors are part of the CSS standard, every web browser on Windows that supported CSS implemented this feature and was vulnerable to the exploit by just visiting a page that specified the correctly crafted file in their stylesheet. It didn't require any user download or any of the usual attack vectors (ActiveX plugins, Java or scripting).
A common way to spread malware these days is to break into an adserver and upload an exploit to it. Then the exploit will be distributed across even well known and trusted sites which display ads from a third party service. Our workstations at work commonly get malware from users visiting news sites.
What I'm saying is that even the most cautious users can get owned without doing anything stupid...
-
Re:Wow, some discovery
How about putting a structure you allow the user to specify the length of on the stack? Like it was done in the animated cursor in Windows (and of course exploited for an attack).
And, unlike games, that was in an OS that has been under attack for years when this was exploited.
Game developers usually don't consider security when they develop. If anything should be a dead giveaway, it's how DRM is implemented. I think we're going to see a lot more exploits targeting games in the future. For very obvious reasons:
- Tend to run with admin privileges due to DRM
- Little to no consideration for security during development
- AAA-titles usually widely spread, leaving a big attack surface
- Tend to be used with rather powerful machines due to requirements of the graphics engineAnd those are only the reasons that I could come up with without even thinking.
-
Re:Linux
Wrong.
Here, step by step directions on how you can make one:
http://www.offensive-security.com/metasploit-unleashed/SET_Java_Applet_Attack
-
Re:Here, let me save you the cover price
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training By the nice folks who distribute BackTrack Linux, by the way.
Nice work, definitely worth reading AND donating.
-
Here, let me save you the cover price
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
By the nice folks who distribute BackTrack Linux, by the way. -
Re:Promiscuous mode on any adapter?
On Windows, sure, on Linux, not so much:
http://backtrack.offensive-security.com/index.php/HCL:Wireless
-
BT3 FULLY supported the EEE before it launched..
BackTrack 3 Beta has fully support for the EEE and this was completed before the EEE was even released into the wild?!?!?!?!
http://www.offensive-security.com/
http://remote-exploit.org/backtrack.html -
Offensive Security Indeed
The page linked to requires Javascript - NoScript prevents it. http://www.offensive-security.com/movies/vistahack/vistahack.html