Privilege Escalation in Action: Using PSSPY ?? Here’s a real-time look at how a root process (SSHD) triggered malicious code execution, flipping a root shell into an SUID shell. Key Takeaways: → The process ran as root, leading to a change in ownership and the creation of an SUID binary. → By running PSSPY, we could monitor processes without root access, making it a powerful tool for enumeration. → PSSPY acts like a Swiss Army knife for tracking live processes, helping spot privilege escalations in action. Now, if we check permissions... SUID is set. And just like that, we have root. ??
关于我们
Empowering the world to fight cyber threats with indispensable cybersecurity skills and resources. Build the path to a secure future with OffSec.
- 网站
-
https://offsec.com
OffSec的外部链接
- 所属行业
- 计算机和网络安全
- 规模
- 201-500 人
- 总部
- New York,NY
- 类型
- 私人持股
- 创立
- 2006
地点
-
主要
获取路线
71 Vanderbilt Ave
3rd Floor
US,NY,New York,10017
OffSec员工
动态
-
?? Announcing the #ShePwns Learn One Giveaway Winners! Thank you to everyone who shared their stories as part of our Learn One giveaway. We were inspired by the passion, determination, and drive of women stepping into cybersecurity and taking on new challenges. ?? Congratulations to these 3?? winners ??: Bernice Dulemordzi Harshi Singhania Aliyah Millán We’ll be reaching out via DM with more details, keep an eye on your inbox. The journey to cybersecurity is tough, but the community and resources are here to support you. Keep pushing forward!
-
Connect with OffSec's Adam S. and Tim Conrad at AFCEA International's DoD CIO Cyber Workforce Summit on?March 20-21! We're proud to play a role in advancing skills-based cybersecurity education and training through hands-on, real-world experience. If you’re attending, don’t miss the chance to learn how OffSec can help strengthen your cybersecurity capabilities.? ?? Book a meeting here: https://lnkd.in/eAXN3SaB
-
-
"This course is an absolute must-have for anyone looking to evolve as a penetration tester...The learning, the grind, and the growth were all worth it." What an incredible feat, Nima Statius - congratulations on earning the OSEP! ??
Head of Offensive Security | Strengthening cyber and physical security | OSEP, OSWE, OSCP, CARTP, CRTP, PNPT, TOGAF
After an intense 40-hour exam followed by 15 hours of reporting over a 68-hour period, I’m excited to share that I have officially passed the Offensive Security Experienced Penetration Tester (OSEP) certification. Submitting my report just four hours before the deadline, this was without a doubt one of the most demanding and rewarding exams I have ever taken. This journey has been nothing short of incredible. With 700+ hours of study material, hands-on labs, and complex challenges, OSEP pushed me beyond my limits and truly leveled up my offensive security skills. The course takes you through everything from client-side code execution, Active Directory attacks, phishing, kiosk breakouts, lateral movement, bypassing network filters, antivirus evasion, and Windows security controls like application whitelisting and constrained language mode. This course is an absolute must-have for anyone looking to evolve as a penetration tester. A massive thank you to OffSec for this top-tier course. The learning, the grind, and the growth were all worth it. Two down, one to go. Ya'll know where this is heading! #OSEP #OffensiveSecurity #Offsec #CyberSecurity #PenetrationTesting #RedTeam
-
-
Technical expertise is just one piece of the puzzle. Join industry leaders in a discussion about 3?? often-overlooked skills that can set you apart: ?? Communication & Storytelling – Speak the language of execs and employees. ?? Empathy – Strengthen leadership, teamwork, and problem-solving. ?? Curiosity – Drive innovation and continuous learning. ??? March 18 | 12 p.m. ET ?? Featuring Ashley Burke, BACS, MES, Amalie L?nning (Siemens & WiCyS Norway), and moderator Eva Pleger (OffSec). Register now and submit your questions! https://offs.ec/3Djmp8h
-
Did you know you can submit your own targets to OffSec’s labs and get paid for it? Our User-Generated Content (UGC) program lets community-built machines become part of PG Play, PG Practice, and other OffSec offerings, challenging thousands of learners. ?? Submission rewards: ? Up to $300 for solid VMs with a clear build script and MITRE-aligned CVEs. ? $500 for unique builds with strong exploit chains and clear learning objectives. ? Up to $1,500 for chained/grouped VMs that simulate real-world penetration testing scenarios. Every submission is reviewed by our Labs team to ensure it meets OffSec’s high standards. Think you’ve got what it takes? Submit your machine today: https://offs.ec/4khYK8U
-
-
"To everyone out there grinding through their OSCP journey - never give up, trust the process, and TRY HARDER! ??." Dhairya Changela, congratulations on earning the OSCP! ??
OSCP+ | CEH MASTER | RHCSA | Penetration Testing | Linux System Administration | Cyber Security Student @ Seneca Polytechnic
“I Tried Hard” After months of relentless learning, sleepless nights, and an intense 24-hour battle against the exam machines, I am beyond thrilled to announce that I have officially passed the Offensive Security Certified Professional (OSCP) exam! ?? This certification was not just an exam; it was a dream that came true. The OSCP exam pushed me to my limits, testing not just my technical skills but also my mindset, perseverance, and problem-solving ability. The legendary motto “Try Harder” isn’t just a phrase; it’s a mindset that changes the way you think. Huge thanks to OffSec for an intense yet rewarding challenge. This achievement wouldn’t have been possible without some incredible people who inspired and supported me: Konrad Haase - Your guidance and encouragement helped me stay on track, and I truly appreciate the knowledge you shared. Ansh Bhawnani - You are the person I got inspired by. Watching your videos about your OSCP journey always kept me motivated! Samantha C. - Your walkthroughs truly helped me build a solid methodology, teaching me how to approach each box systematically. Derron C. - Your Active Directory playlist made AD exploitation so simple! The way you explained each attack really helped me mastering the AD. Offsec Discord Community - A huge shoutout to the entire OffSec Discord server for always being there whenever I hit a roadblock in the challenge labs. Your advice, tips, and encouragement made a huge difference! Last but not least, a heartfelt thank you to my family and friends for trusting me, supporting me, and standing by my side throughout this journey. Your encouragement kept me going even during the toughest times. To everyone out there grinding through their OSCP journey - never give up, trust the process, and TRY HARDER! ?? #OSCP #OSCPPlus #OSCPCertified #OffensiveSecurity #OffSec #PEN200 #PWK #TryHarder #Cybersecurity #Pentesting #EthicalHacking
-
-
Now is the time to start planning for you, or your team's, professional development goals with live training: https://offs.ec/4ktQfYv Live training is offered globally by our authorized partners. In-person and virtual courses are being offered in the U.S., France, Germany, Netherlands, and more. ?? Courses: SEC-100, PEN-200, EXP-401 ?? Private training sessions are also available upon request
-
Grab your favorite dessert ?? and join us for a 30-minute demo of our Learning Library ?? https://offs.ec/41x3C2n See all the latest training content, new features, and ways to level up your cybersecurity expertise. ??? LIVE, every Wednesday, across multiple timezones ?? Interactive format, including audience participation ?? Q&A following each demo