Empowering the world to fight cyber threats with indispensable cybersecurity skills and resources. Support queries: offsec.com/contact-us/

#OSAI is officially here! 📣🐺 OffSec’s newest certification for hands-on offensive operations against AI-enabled systems is now available for purchase with Learn One, Course & Cert Bundle, and Learn Enterprise. Built for practitioners who want to apply an adversary mindset to modern AI systems and stay ahead as the attack surface evolves. 🔗 offsec.com/courses/OSAI/
15
32
183
30,778
The quieter you become, the more you are able to hear... the heartbeat of your target.
29
283
2,352
115,624
Attention @kalilinux users! In the coming day(s), apt update is going to fail for pretty much everyone. The reason? We had to roll a new signing key for the Kali repository. You need to download and install the new key manually: offs.ec/4lUEtak
44
411
1,477
243,734
We are aware of an unfortunate situation where a student has threatened to leak answers to our OSCP exams. This is counterproductive and disappointing, hurting both past & current students. We take the integrity of our exam process seriously & will do everything to protect it.
96
330
1,253
🧵Resources for a Successful #Cybersecurity Job Hunt🧵
54
338
1,178
The development of a new Windows 10 1809 Kernel ASLR Bypass. offs.ec/2HvKZEe Grab a cup of coffee and buckle in, you will want to read this one all the way. A previously undocumented KASLR bypass as part of our course development process.
11
507
1,063
What inspired you to pursue cybersecurity?
374
78
969
We want to thank the community for the strong support today. It’s humbling, thank you. Rest assured that we are taking measures to make sure the integrity of the OSCP stays strong. The leaked machines are out of rotation and no exam takers are impacted. We will continue updating.
32
166
949
🧵Free Resources to Help Your Learning Journey 🧵
39
268
933
CVE-2025-21298 is a no-click, high-risk vulnerability in Windows. Malicious RTF files can execute code remotely just by being previewed in Outlook. Get the full details and mitigation steps: offs.ec/4hkUfs7
10
315
977
101,409
Kali wallpapers, ready to deploy. 🔗 Official Wallpapers: offs.ec/4kxwLC7 🔗 Legacy Wallpapers: offs.ec/4kzabZN 🔗 Community Wallpapers: offs.ec/3FcBkSj
12
118
946
59,750
The newest pentesting training course from Offensive Security is here! In Evasion Techniques and Breaching Defenses, learn advanced methods for avoiding detection and launching impactful attacks 👩🏾‍💻 Learn more: offs.ec/3e16TN3
18
223
918
So...you know that PWK update everyone's been asking for? IT'S HERE! We've overhauled the prep course for the OSCP exam, adding more than 2x the content and 33% more lab machines. Get info plus FAQs in this blog post: hubs.ly/H0mZzFL0
57
307
897
I 💙 Kali Linux because _____________.
236
58
765
📣 Kali Linux 2022.1 is here, the first release of the new year! Updates include: ☞Visual refresh ☞Shell prompt changes ☞VMware i3 Improvements ☞New tools Learn more: offs.ec/3gLffe3
10
179
749
🚨 New Release Alert: Kali Linux 2021.3🚨 Updates include⚙️: ⇢ OpenSSL ⇢ New Kali-Tools site ⇢ Better VM support in the Live image session ⇢ New tools ⇢ Kali NetHunter smartwatch ⇢ KDE 5.21 Learn more: offs.ec/2XhC432
16
191
737
Have you customized your Kali Linux desktop yet? Here's how: offs.ec/3qe0BhV
14
142
736
We’d like to share this statement from Offensive Security CEO Ning Wang:
58
189
734
After years of selling out at events all around the world, often in a matter of minutes, everyone can now register for AWAE online and experience what makes this class so popular. Online signups are now open to the public! offs.ec/2Y7f9Tl #TryHarder #offsec #AWAE
24
322
732
Take a step toward securing your infosec career or advancing to the next level. Penetration Testing with Kali Linux teaches the foundational penetration testing skills required to earn your OSCP certification: hubs.ly/H0qGXyQ0
16
112
680
Leaner, faster, and cleaner. The new Exploit Database is live! offs.ec/2TLYDpJ
21
326
671
How do you prevent burnout?
230
61
649
48 6f 77 20 64 69 64 20 79 6f 75 20 64 65 76 65 6c 6f 70 20 74 68 65 20 61 64 76 65 72 73 61 72 69 61 6c 20 6d 69 6e 64 73 65 74 3f 20
176
78
649
Kali 2024.3 is here! offs.ec/3XmGP6n ⚙️Changelog: 🟣 Qualcomm NetHunter Pro devices - Qualcomm Snapdragon SDM845 SoC now supported 🟣 11x new tools in your arsenal
7
126
606
37,260
In this student spotlight, OSCP holder Rana Khalil shares the story of how she elevated her penetration testing skills: offs.ec/3aGndmO
8
74
595
We have big news: @vulnhub has joined the OffSec family! Head to the blog to learn more. offs.ec/3gcu3Aj
14
188
585
"I got a shell!"
7
86
561
A new chapter is beginning.
44
46
545
157,286
"I got a shell!"
4
79
556
*taps mic* Ready for our next announcement? Introducing individual labs for Proving Grounds, our virtual pentesting training network. Try Play for free, or upgrade to Practice for unlimited time. Learn more: offs.ec/2DmQJQq
20
213
538
In response some of the confusion last week, we wanted to clarify our processes on preventing cheating. offs.ec/2WzKuh0
15
186
536
Looking for some free infosec resources? Check out OffSec's community projects: offs.ec/2ZVKWZl
1
152
520
Today we're excited to unveil Kali Linux 2024.1! offs.ec/49ykPdo Updates include: ⚙️ Micro Mirror Free Software CDN ⚙️ 2024 Theme Refresh ⚙️ Other Desktop Environment Changes ⚙️ NetHunter Updates ⚙️ New Tools
6
88
531
35,795
So @CSCGlobal is doing take down requests on @ExploitDB for any entry that contains the string “IBM” on behalf of @BSAnews and @IBM. Very interesting. Anyone want to place bets on how this is going to turn out? exploit-db.com/exploits/4161…
60
258
501
At long last, we are pleased to announce the availability of the AWAE certification: Offensive Security Web Expert (OSWE) offs.ec/30jnmFo ! Once you finish the online AWAE course, this test of your abilities will be waiting for you. #offsec
17
168
499
Offensive Security Certifications and Exam Proctoring changes: offs.ec/2LEyMPb
40
273
489
Imagine a world where OSCP prep didn’t have to be stressful, and you had more time to prepare. Behold the new PWK365 (with 2x the value)! Get 365 days of lab access and 2 exam attempts: offs.ec/3rRHE65
38
116
485
I can't. I can't, yet.
6
69
473
Ultimately, cybersecurity is about __________.
305
27
446
Privilege Escalation in Action: Using PSSPY 🔍 Here’s a real-time look at how a root process (SSHD) triggered malicious code execution, flipping a root shell into an SUID shell.
6
74
462
22,562
The most underrated soft-skill for a penetration tester is ___________.
145
42
436
In this student spotlight, OSCP holder @rana__khalil shares her thoughts on what it takes to succeed in cybersecurity: offs.ec/2UZH73f
9
47
450
Tell us you're a penetration tester without telling us you're a penetration tester.
233
42
438
Many of us on the team wrote a kali training book then put it free online at kali.training/. You can use that fee material to prepare for the KLCP, and ensure you have the background on kali you need for PWK/OSCP.
To @offsectraining I am wondering what the easyis way to learn @kalilinux is at a minimal cost to me. I recently started a masters in cyber security and would like learn some tools that might not be covered in my classes I have been interested since the backtrack days
5
164
434
Changes to the OSCP exam structure are coming soon. These changes will better reflect the current PWK materials and, most importantly, the skills needed to be a successful information security professional in today's landscape. Learn more ➡ offs.ec/3lpOQoC
44
133
442
The calm amongst a sea of screens.
6
40
417
22,203
.@kalilinux has dropped a new release! offs.ec/45FhcQx Updates: 🟣 Internal Infrastructure - Major stack changes are underway 🟣 Kali Autopilot - An overhaul of the automation attack framework 🟣 9️⃣ new tools
4
95
425
46,531
🧵Free Resources to Help Your Learning Journey 🧵
21
115
412
How do you gain RCE on PostgreSQL with misconfiguration? 🟪 Test default credentials 🟪 Verify the port being used 🟪 Run the exploit with the correct parameters to execute a command
5
71
425
27,713
What an exciting time in OffSec land! Kali turned six years old, just wrapped up an amazingly successful live PWK training in Tokyo, Black Hat Asia live trainings just about to happen (#BHASIA), and some HUGE news coming early next week you are all going to love! #TryHarder
15
58
378
We have an announcement about our Cracking the Perimeter course. CTP will be retired this year, with the last date for purchase being October 15, 2020. Please read our update for info about what's happening and why: offs.ec/2FmmD01
26
177
389
#OSCP exam prep resource: offs.ec/3hAG8Fx. Download it. Bookmark it. Share it. #RoadtoOSCP
3
88
374
53,056
When you hear someone say "think like a hacker", what do you think that means?
126
22
375
62,302
🚨 New announcement🚨 OffSec has launched a podcast! In our first episode experts TJ Null, FalconSpy, and Jeremy (Harbinger) share the lesser-known ways to navigate PWK (PEN-200) in preparation for the OSCP certification: offs.ec/3dm31qh
9
82
377
We're excited to announce a new way to learn with Offensive Security: OffSec Academy, a new 90-day interactive virtual training and mentoring program for infosec professionals. Find out more: hubs.ly/H0rG06g0
14
112
366
Whenever we retweet a student success story we are always pleased to see the community response of support and congratulations that ensues. This feeling of camaraderie that you all demonstrate is humbling. Our classes are hard. But this is proof you can “Try Harder” and succeed.
5
46
362
What’s your spirit animal? Ours is... all of them 🐉🐙🕷️🐝🦊
15
35
356
24,359
We’ve updated AWAE with 50% more material, including: ✔️ XML external entity injection ✔️ Weak random token generation ✔️ DOM XSS And more. Students currently in the course update for free! Explore the update: offs.ec/3fuIE9V
17
91
353
We have decided to make the OSWE (WEB-300) sale pricing permanent so that web app security training remains affordable in 2021. Develop the skills to exploit web app vulnerabilities at a lower price: offs.ec/2Jjx0nI
12
60
352
It is important to understand not only the requirements but also the restrictions for the OSCP exam. Since the exam evaluates your skills in a real-world environment, automated exploitation tools are not allowed. Here's more on exam restrictions: offs.ec/3tMSyLe
14
94
366
We've provided tips and resources you can use to prepare for the #OSCP. All in one place. Download the e-book: offs.ec/3BEpfkg #pen200 #penetrationtesting #cybersecuritytraining #ethicalhacking #roadtooscp #oscp
6
95
350
50,594
.@kalilinux will be 1️⃣0️⃣ years old on Monday, March 13th! Join the celebration with office hours, an AMA, and a Puzzle Challenge. ☞ Kali Linux & Friends Discord: discord.com/invite/jwhaVmy74… ☞ Reddit: teddit.net/r/offensive_secur… ☞ 🧩 Challenge: coming 🔜
3
77
334
41,813
October is cybersecurity awareness month. What are your top tips for keeping systems and data safe?
82
106
346
Download our #OSCP ebook - a comprehensive resource for OSCP prep from start to finish: offs.ec/3eyT6lu #RoadtoOSCP #offensivesecurity #pen200
2
85
346
If you need a ramp up into Kali before taking PWK, check out Kali Linux Revealed. This is a free course developed by the creators of Kali Linux, which offers a professional certification: hubs.ly/H0mPPHX0
4
103
339
We're excited to introduce the Kali NetHunter App Store, a new Android store dedicated to free security apps. Find out how you can participate in the public beta: hubs.ly/H0jPYMt0
6
148
324
Happy New Year! What infosec skills are you planning to develop in 2020?
32
36
331
The newest exploit development course from Offensive Security is here 🦊 ! In Windows User Mode Exploit Development, you’ll learn how to create custom exploits, bypass security mitigations, and reverse-engineer bugs. Explore the course: offs.ec/3poJpGK
12
83
332
Pentesting tip: if you're using qterminal in Kali Linux, you can enable "Unlimited History" in the Behavior preferences. This will allow you to scroll back through history on the current terminal prompt you're using.
10
57
300
Following its 10-year anniversary release, @kalilinux 2023.2 is now here! offs.ec/3MJVumL Highlights since March: 🟦 New VM image for Hyper-V 🟦 Xfce audio stack update 🟦 i3 desktop overhaul 🟦 GNOME 44 🟦 Menu updates and new tools
2
71
315
43,773
What's your definition of a #hacker?
163
34
303
I got a shell!
2
34
324
15,625
Starting a career in cybersecurity this year? Kickstart your journey with these tips🧵👇
1
47
320
39,975
Need we say more?
8
40
314
Are you Interested in pursuing a #cybersecuritycareer? OffSec's Jeremy Miller, Busra Demir, and S1REN provided helpful advice and insights on how to break into #cybersecurity. Watch the full OffSec Live session: offs.ec/3QnkxgX
8
53
297
74,693
It's World Emoji Day. Tell us about your infosec journey using only emojis 👀
162
30
303
We analyzed a scenario where a malicious user can exploit a vulnerable web app using the following methods: Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE). hubs.ly/H0m01890
3
141
304
We're proud to announce the details of the OffSec Giving Program today. To start out, we're partnering with @marcusjcarey, with additional generous support from his employers at @reliaquest. Learn more: hubs.ly/H0rVGwp0
19
96
285
Describe your pet using infosec terminology.
113
36
296
In this post, community manager Tony Punturiero (@TJ_null) shows how to use PowerShell on Kali Linux to obtain initial access with PSSession on Windows and Linux. offs.ec/3ifPPoq
101
300
Seems to be some confusion with some about the announcement of the OSCP+. Mostly around what happens to the OSCP? Let's be clear - The OSCP does not expire. Will not expire. And will still be issued. No changes to the OSCP are being made. However there are a number of cert holders that work places that mandate a certification to expire. The current OSCP does not help these individuals at all. So, enter the OSCP+, which was created to provide benefits to these users and does expire. If you are not in a situation where you require an expiring certification, thats great. Nothing changes for you, you can ignore the OSCP+. If you do require an expiring cert, then starting Nov 1st the OSCP+ will help you out. We set this up in a way where we are careful not to take anything away from existing cert holders or those that do not require an expiring cert. This should be fully an expansion of benefits, with nothing taken away. Full details of the changes that were announced today are at: help.offsec.com/hc/en-us/art… help.offsec.com/hc/en-us/art… Also we will be doing a webinar the morning of the 6th, and standard office hours on discord at 1pm eastern. Happy to talk through questions with everyone then! - Jim
38
72
285
107,029
___________ is a valuable asset as an infosec professional.
197
33
277
Active Directory Attacks and PowerShell for pentesting are just two of the new topics covered in PWK. Watch to learn more: hubs.ly/H0n0DJc0
9
64
287
We’re closing 2019 with a special gift for our students and colleagues: AWAE is on sale for $999 (regular price: $1400)! Includes 30 days of lab time and exam fee. Explore the course and register: hubs.ly/H0m6SPW0
26
113
287
#OSCP exam prep resource: offs.ec/3B80Dkg Download it. Bookmark it. Share it.
7
76
283
Free Learning Resources 🧵 Watch and learn from free tutorials with OffSec Live. Build a methodology. Sharpen your #hacking skills. Join live walkthroughs of Proving Grounds machines on Twitch: twitch.tv/offsecofficial
1
43
291
32,348
What role has OffSec played in your career journey?
7
39
273
You’re conducting a penetration test on a network, and you discover that the target environment uses Active Directory. After some initial recon, you find: ❶ An open SMB port (445) on one of the servers ❷ A valid set of low-privileged domain user credentials - user1: Password123 How would you enumerate the Active Directory environment to gather useful information for further attacks?
20
29
272
48,345
01110000 01110010 01100001 01100011 01110100 01101001 01100011 01100101 00100000 01101101 01100001 01101011 01100101 01110011 00100000 01110000 01110010 01101111 01100111 01110010 01100101 01110011 01110011 00001010 offs.ec/3cHIKN2
24
47
265
You asked. We listened. Student Mentor Siddicky covered an #ActiveDirectory set in the PEN-200 #OSCP labs: offs.ec/3JELWJB
2
35
268
58,883
Lowkey, not mad.
1
24
256
16,985
ICYMI: Learn how to use PowerShell for penetration testing in Kali Linux offs.ec/38H6Y6b
2
86
261
Tell us about a person in the OffSec community that has inspired you, or helped you pave a path forward.
145
13
252
This blog introduces a new 0day technique discovered by OffSec Technical Trainer Victor “Vixx” Khoury, the process he used to exploit it, and the proof of concept code to bypass AMSI in PowerShell 5.1 and PowerShell 7.4: offs.ec/44owQR3
5
78
260
86,390
The OSCP is based on penetration testing skills – but why take the foundational course, Penetration Testing with Kali Linux (PWK/PEN-200), if you don’t plan to become a penetration tester? offs.ec/3cdXjWS
6
36
239
I knew it would be a mistake to ask for playlist suggestions from our Offsec admins.
12
75
242
What habit, behavior, or mindset have you had to unlearn?
64
22
241
Being a cybersecurity practitioner is just the ego-to-humility arc on repeat.
10
28
238
22,697
Build your own home lab with this extensive guide from @tj_null. He covers the why and how, offers points of consideration, and shares his top resources. Check it out: offs.ec/3iRxTQR
75
237
Users can now choose to connect to Proving Grounds through a local Kali system via VPN, or through our new Kali in the browser solution: offs.ec/3qciCxy
1
52
235
Although our exams have a minimum age requirement of 18, we may waive it in a few, select cases. Mihai is one of those cases. Meet a student who holds the OSCP at age 16! hubs.ly/H0mhx4K0
7
42
244