Want to master Linux Kernel Exploitation?
Check out https://github.com/Gr3ytrac3/linux-kernel-exploitation — a curated arsenal of exploits, labs, write-ups & fuzzing tools.
From Dirty Pipe to modern bypasses
Credits: @andreyknvl
We're very happy and excited to announce that we've closed the extra last-minute CFP for the #OffensiveOps Offensive Security Village, which Bourbon Offensive Security Services has sponsored and turned into reality! The village is accompanied by a #Lockpicking village - see more details below.
This TAKES PLACE on June 18th from 14.00-18.00 on top of the June 19th full-day agenda!!
Talks:
1 - Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome - by Arnaud Perrot (aka "petitoto")
2 - Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities - by Simon Petitjean
3 - Targeting pentesters - by Charlie Bromberg (aka "Shutdown") & Mathieu Calemard du Gardin
4 - Unpacking Azure Initial Access Attack Techniques - by François-Jérôme Daniel & Patrick Mkhael
In parallel we host the “Physical Intrusion & #Lockpicking Village” in the Atrium to let you practice, learn and more! by Nicolas Aunay (Joker2a) and Nicolas B.!!
The village will be live during both days of the event
Get your ticket here: https://lnkd.in/edXc3ytn
If you’re into #pentesting, #redteam, #adversaryemulation, #physicalintrusion or you're a student, passionate, or just curious to explore why offense is mandatory for defense — you’ll feel right at home.
Let’s build something meaningful for the offensive security community in Luxembourg.
#BSidesLuxembourg2025
#OffensiveOps
#OffSec
#Cybersecurity
#infosec
#communitydriven
Review: Metasploit, 2nd Edition https://www.helpnetsecurity.com/2025/06/02/review-metasploit-2nd-edition/ #BinaryDefense #Metasploit #TrustedSec #Don'tmiss #Reviews #OffSec #Rapid7 #review #News #book
Microsoft Copilot for SharePoint just made recon a whole lot easier.
Read it here: www.pentestpartners.com/security-blo...
#RedTeam #OffSec #AIsecurity #Microsoft365 #SharePoint #MicrosoftCopilot #InfoSec #CloudSecurity
Microsoft Copilot for SharePoint just made recon a whole lot easier.
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
It opened the door to credentials, internal docs, and more.
All without triggering access logs or alerts.
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
That’s a problem.
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
What are some interesting files/directories to overwrite in an AWS Lambda execution environment?
I found an unsafe tarball extraction vulnerability in a customer's code, but I'm not the most familiar with AWS.
I'm doing a security code review of a service that uses Smithy ( https://smithy.io/2.0/quickstart.html ).
This is the first time I've come across Smithy. Does anyone know of any security issues of Smithy models/code that I should be aware of?
Refined #opsec and red team techniques go hand in hand. I spent over a decade in #defense, working with individuals and massive corporations at all levels.
The goal is the same, yet cooperation between red & blue teams was lacking back then.
Now it’s all changed: #offsec tools are closely monitored by the same orgs who wrote them off ten years ago. Time to make some repos private? I’m not sure, but the tide’s changed.
Updates rolling out to the repo:
@BSidesNYC 0x03 Recap: In this session, François Proulx discusses what goes on behind the scenes of #supplychainattacks through the lens of SLSA (Supply chain Levels for Software Artifacts), a threat model designed to tackle these emergent threats.
@BSidesNYC 0x03 Recap: In this session, Alex Holden surveys automated, continuous, and manual pen test methodologies and how to pick the right one for your needs.
so, #offsec friends: i’m looking at an active credential harvesting website found from phishing emails and i wanna make sure i’m not missing anything. any suggestions on directory discovery tools that are possibly not too noisy? what are people’s thoughts on dirhunt?
It even works with processes that have entered Capabilities Mode.
Injecting a shared object anonymously over the ptrace boundary on #FreeBSD via libhijack now works!
https://github.com/SoldierX/libhijack/commit/18b4ad92c0e41e4b0711484b725646c3f04b51ba
It's been about a week since this happened so I'm probably cool-headed enough to talk about it. First a little background info.
A sales person from Offensive Security (https://www.offsec.com/) has been trying to reach out to me for days. First by work email, which I ignored, then through my personal LinkedIn account, which I also ignored.
Then, last week, my son texts me and says, "Some guy called me looking for you. I told him I was your son and he said he would try to email." I know that absolutely no one in my professional circle has my son's personal cell number, so I asked him to send me the number that called him.
I call the number back and it's the sales guy from Offensive Security. I immediately asked him how he got my son's number and found out it was part of a ZoomInfo (https://www.zoominfo.com/) record for me. I told him to immediately delete any record he has with my son's information.
I then let him know in no uncertain terms that his company was using some shady data gathering practices if they had my son's cell number and because of that I will personally never do business with OffSec again. I also made it clear that he should never reach out to me again.
Even though I hold the #OSCP and #OSCE certifications and even though they were a career changer for me and for my colleagues, I will no longer do business with their company.
Introduction to offensive security
https://steve-s.gitbook.io/0xtriboulet/
Cool, someone is implementing Offensive/RedTeam techniques in Crystal.
https://github.com/js-on/WeaponizeCrystal
If you haven't heard of the Crystal Programming Language, definitely check it out. While much of the hype has been focused on Go or Rust, I feel like Crystal and Nim are great middle-ground languages that have high-level features (class-based OOP, AST macros, generics, closures, built-in concurrency, exception handling, etc.), provide low-level access to C primitives, but use GC instead of Rust's borrow checker, which can be kind of annoying/overbearing.
#crystallang #offsec #redteam