Friday, October 30, 2009

Offensive Security

I figured that my first blog posting would be about Offensive Security. This is both about the course and the philosophy. For those of you who don't know, Offensive Security produces, in this authors opinion, the best security training I have seen or heard about. That can be taken as a pretty bold statement and I hope to convince you or even try to entice you to seeing this for your self.

There are 4 course currently running with a 5th in development. The are Pentesting With BackTrack (PWB) Offensive Security Wireless Attacks (WiFu)Cracking the Perimeter (CTP) Advanced Windows Exploitation (AWE) and Metasploit-Unleashed (MSFU). PWB and WiFu can be taken first, along with MSFU, while the other courses require you to have the Offensive Security Certified Professional (OSCP) from the successful completion of the PWB course. Admittedly, I have completed the OSCP exam and I am working on the MSFU course. So I cannot personally speack on the other courses.... yet.

Now the PWB course offered at Offsec, as well as the others, are vendor neutral and based off of the BackTrack platform. So before you start to go off about how great you last security course was please keep this fact in mind. You will not learn how to produce a Penetration Test Audit report in these course. You will not learn how to install and configure any firewalls or Intrusion Detection systems. This is hard core system, application, kernel level exploitation of vulnerabilities. You will use assembly language to molest unsuspecting buffers to go to memory spaces that you have hidden your malicious code in. You will learn how to execute SQL injection into poorly secured web pages. And you will also learn how gather information about your target to get the information you need to pwn that system. As I said before, this is hardcore stuff that some are very well versed at and others are not. I will promise you that regardless of your current skill set you will learn something that you will pass along to your friends before this course is finished.

Props go out to all the folks at Remote-Exploit who develop and maintain the BackTrack software. Without them none of these courses or this invaluable tool would be available to all of us. Also the great people at Offsec deserve some recognition, even though some of them avoid the limelight.. So thanks to everyone at Offsec for a wonderful and challenging course.

Here is the links for BackTrack and for Remote-Exploit and Offensive-Security.. Enjoy!

http://www.offensive-security.com/metasploit-unleashed/
http://www.offensive-security.com/
http://www.remote-exploit.org/
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso