Offensive Security Explained
Offensive Security (also known as OffSec)[1] is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007,[2] the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni,[3] and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.[4]
The company also provides training courses and certifications.
Background and history
Mati Aharoni, Offensive Security's co-founder, started the business around 2006 with his wife Iris. Offensive Security LLC was formed in 2008.[5] [6] The company was structured as Offensive Security Services, LLC in 2012 in North Carolina.[7] In September 2019 the company received its first venture capital investment, from Spectrum Equity, and CEO Ning Wang replaced Joe Steinbach, the previous CEO for four years, who ran the business from the Philippines. Jim O’Gorman, the company's chief strategy officer, also gives training and writes books. Customers include Cisco, Wells Fargo, Booz Allen Hamilton, and defense-related U.S. government agencies. The company gives training sessions at the annual Black Hat hacker conference.[8] [9] [10]
In 2019, J.M. Porup of CSO online wrote "few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP)," and said it has "a reputation for being one of the most difficult," because it requires student to hack into a test network during a difficult "24-hour exam." He also summarized accusations of cheating, and Offensive Security's responses, concluding hiring based only on credentials was a mistake, and an applicants skills should be validated.[11] In 2020, cybersecurity professional Matt Day of Start a Cyber Career, writing a detailed review and comparison of OSCP and CompTIA PenTest+, said OSCP was "well known in the pentesting community, and therefore well known by the managers that hire them."[12]
Projects
In addition to their training and security services, the company also founded open source projects, online exploit databases and security information teaching aids.
Kali Linux
The company is known for developing Kali Linux, which is a Debian Linux based distribution modeled after BackTrack. It succeeds BackTrack Linux, and is designed for security information needs, such as penetration testing and digital forensics. Kali NetHunter is Offensive Security's project for the ARM architecture and Android devices.[13] Kali Linux contains over 600 security programs. The release of the second version (2.0) received a wide coverage in the digital media[14] [15] [16] [17] Offensive Security provides a book, Kali Linux Revealed,[18] and makes the first edition available for free download.[19] Users and employees have been inspired to have careers in social engineering.[20] In 2019, in a detailed review, Cyberpunk called Offensive Security's Kali Linux, " known as BackTrack," the "best penetration testing distribution."[21]
BackTrack
BackTrack Linux was an open source GNU General Public License Linux distribution developed by programmers from around the world with assistance, coordination, and funding from Offensive Security.[22] [23] [24] The distribution was originally developed under the names Whoppix, IWHAX, and Auditor. It was designed to delete any trace of its usage. The distribution was widely known and used by security experts.[25] [26] [27] [28]
ExploitDB
Exploit Database is an archive of vulnerable software and exploits that have been made public by the information security community. The database is designated to help penetration testers test small projects easily by sharing information with each other.[29] The database also contains proof-of-concepts (POC), helping information security professionals learn new exploits variations. In Ethical Hacking and Penetration Testing Guide, Rafay Baloch said Exploit-db had over 20,000 exploits, and was available in BackTrack Linux by default.[30] In CEH v10 Certified Ethical Hacker Study Guide, Ric Messier called exploit-db a "great resource," and stated it was available within Kali Linux by default, or could be added to other Linux distributions.[31]
Metasploit
Metasploit Unleashed is a charity project created by Offensive Security for the sake of Hackers for Charity, which was started by Johnny Long. The projects teaches Metasploit and is designed especially for people who consider starting a career in penetration testing.
Google Hacking Database
Google Hacking Database was created by Johnny Long and is now hosted by Offensive Security. The project was created as a part of Hackers for Charity. The database helps security professionals determine whether a given application or website is compromised. The database uses Google search to establish whether usernames and passwords had been compromised.[32]
See also
External links
Notes and References
- Web site: April 24, 2023 . Brand Refresh FAQ - Offensive Security Support Portal . May 4, 2023 . OffSec . May 4, 2023 . https://web.archive.org/web/20230504150926/https://help.offsec.com/hc/en-us/articles/13549369454612-Brand-Refresh-FAQ#:~:text=the%20brand%20refresh%3F-,Has%20Offensive%20Security%20changed%20its%20name%3F,the%20current%20and%20future%20OffSec. . live .
- Web site: Homepage. Offensive Security. 26 September 2015. The only provider of true performance-based penetration testing training and ethical hacking courses for over 8 years.. https://web.archive.org/web/20150905090335/https://www.offensive-security.com/ . 2015-09-05 .
- Web site: About Us. Offensive Security. 26 September 2015. 11 July 2019. https://web.archive.org/web/20190711052048/https://www.offensive-security.com/about-us/. live.
- Kirk. Jeremy. Jul 29, 2014. Zero-day flaws found in Symantec's Endpoint Protection. PC World. 26 September 2015. A very public example of such assistance. 11 November 2020. https://web.archive.org/web/20201111223407/https://www.pcworld.com/article/2459540/zeroday-flaws-found-in-symantecs-endpoint-protection.html. live.
- Web site: Ning Wang, Offensive Security LLC: Profile and Biography. Bloomberg.com. en. 2020-03-17.
- Web site: Offensive Security LLC. www.bloomberg.com. 2020-03-17.
- Web site: Offensive Security Services, LLC. www.buzzfile.com. en-us. 2020-03-17.
- Web site: Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda. Fortune. en. 2020-03-17. 2020-08-08. https://web.archive.org/web/20200808213620/https://fortune.com/2019/01/15/ceo-offensive-security-hackerone-lynda/. live.
- Web site: Penetration Testing with Kali Linux, Black Hat USA 2018. 2018. www.blackhat.com. 2020-03-17. 2020-11-11. https://web.archive.org/web/20201111223802/https://www.blackhat.com/us-18/training/penetration-testing-with-kali-linux.html. live.
- Web site: Speaker Jim O'Gorman, Black Hat USA 2018. 2018. www.blackhat.com. 2020-03-17.
- Web site: OSCP cheating allegations a reminder to verify hacking skills when hiring CSO Online. 2020-03-27. https://web.archive.org/web/20200327224907/https://www.csoonline.com/article/3336068/oscp-cheating-allegations-a-reminder-to-verify-hacking-skills-when-hiring.html. 2020-03-28. 2020-03-27.
- Web site: 7 Reasons You Can't Compare the PenTest+ and OSCP – StartaCyberCareer.com. 2020-03-06. https://web.archive.org/web/20200306000424/https://startacybercareer.com/7-reasons-you-cant-compare-the-pentest-and-oscp/. 2020-03-28. 2020-03-06.
- Web site: Why secure web-based applications with Kali Linux?. Usatenko. Chris. 2019-12-12. Packt Hub. en-US. 2020-03-20. 2020-01-12. https://web.archive.org/web/20200112225809/https://hub.packtpub.com/why-secure-web-based-applications-with-kali-linux/. live.
- Hoffman. Chris. Meet Kali Linux 2.0, a distro built to hammer your security. PC World. August 19, 2015. 26 September 2015. 26 September 2015. https://web.archive.org/web/20150926003033/http://www.pcworld.com/article/2972718/operating-systems/meet-kali-linux-20-a-distro-built-to-hammer-your-security.html. live.
- Web site: Stahie. Silviu. Kali Linux 2.0 Penetration Testing OS Now Based on Debian Jessie and Linux Kernel 4.0. 12 August 2015. Softpedia. 26 September 2015. 9 September 2015. https://web.archive.org/web/20150909154611/http://news.softpedia.com/news/kali-linux-2-0-penetration-testing-os-now-based-on-debian-jessie-and-linux-kernel-4-0-489090.shtml. live.
- Web site: Holm. Joshua Allen. Gnome turns 18, new tools for Docker, Kali Linux 2.0, and more news. OpenSource.com. 26 September 2015. 6 September 2015. https://web.archive.org/web/20150906043811/https://opensource.com/life/15/8/weekly-news-august-15. live.
- Web site: Kerner. Sean Michael. Linux Planet. 26 September 2015. 16 September 2015. https://web.archive.org/web/20150916050531/http://www.linuxplanet.com/news/linux-top-3-tails-1.5-kali-linux-2.0-and-libreoffice-5.html. live.
- Book: Hertzog. Raphael. Kali Linux Revealed: Mastering the Penetration Testing Distribution. O'Gorman. Jim. Aharoni. Mati. 2017-06-05. Offsec Press. 978-0-9976156-0-9. en. 2020-03-17. 2024-05-21. https://web.archive.org/web/20240521132906/https://books.google.com/books?id=6n9atAEACAAJ. live.
- Book: Kali Linux Revealed. 2020-03-17. 2021-01-02. https://web.archive.org/web/20210102180929/https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf. dead.
- Book: Carpenter, Perry. Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. 2019-04-30. John Wiley & Sons. 978-1-119-56637-3. en. 2020-12-10. 2024-05-21. https://web.archive.org/web/20240521145715/https://books.google.com/books?id=uhuWDwAAQBAJ&q=%22offensive+security%22+company&pg=PA204#v=snippet&q=%22offensive%20security%22%20company&f=false. live.
- Web site: Kali Linux - The Best Penetration Testing Distribution. 2018-08-08. CYBERPUNK. en-US. 2020-03-28. 2020-03-28. https://web.archive.org/web/20200328184236/https://www.cyberpunk.rs/kali-linux-the-best-penetration-testing-distribution. live.
- Web site: BackTrack Linux: The Ultimate Hacker's Arsenal - ADMIN The resource for all system administrators. 2011-09-25. https://web.archive.org/web/20110925082804/http://www.admin-magazine.com/Articles/BackTrack-Linux-The-Ultimate-Hacker-s-Arsenal. 2020-03-27. 2011-09-25.
- Web site: BackTrack Linux - Penetration Testing Distribution. 2011-09-24. https://web.archive.org/web/20110924125014/http://www.backtrack-linux.org/. 2020-03-27. 2011-09-24.
- Web site: About BackTrack Linux. 2010-03-22. https://web.archive.org/web/20100322191128/http://www.backtrack-linux.org/about/. 2020-03-27. 2010-03-22.
- Web site: Linux.com :: Review: BackTrack 2 security live CD. 2007-12-10. https://web.archive.org/web/20071210224731/https://www.linux.com/articles/61417. 2020-03-27. 2007-12-10.
- Web site: Linux.com :: Test your environment's security with BackTrack. 2009-06-08. https://web.archive.org/web/20090608231252/http://www.linux.com/archive/articles/138325. 2020-03-27. 2009-06-08.
- Web site: BackTrack 5 - A Linux Distribution Engineered for Penetration Testing Ubuntu Manual. 2011-08-25. https://web.archive.org/web/20110825003651/http://ubuntumanual.org/posts/391/backtrack-5-a-linux-distribution-engineered-for-penetration-testing. 2020-03-27. 2011-08-25.
- Web site: BackTrack 5 review – if you're serious about pentesting don't leave home without it! Linux User. 2011-08-11. https://web.archive.org/web/20110811144253/http://www.linuxuser.co.uk/reviews/backtrack-5-review-if-youre-serious-about-pentesting-dont-leave-home-without-it/2. 2020-03-27. 2011-08-11.
- Web site: Chinese websites have been under attack for a week via a new PHP framework bug. Cimpanu. Catalin. ZDNet. en. 2020-03-27. 2020-11-29. https://web.archive.org/web/20201129204300/https://www.zdnet.com/article/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug/. live.
- Book: Baloch, Rafay. Ethical Hacking and Penetration Testing Guide. 2017-09-29. CRC Press. 978-1-4822-3162-5. 135, 136, 137, 272, 431. en. 2020-12-10. 2024-05-21. https://web.archive.org/web/20240521145731/https://books.google.com/books?id=fKfNBQAAQBAJ&q=exploitdb&pg=PA136#v=snippet&q=exploitdb&f=false. live.
- Book: Messier, Ric. CEH v10 Certified Ethical Hacker Study Guide. 2019-06-25. John Wiley & Sons. 978-1-119-53319-1. 235, 236, 243, 536, 547. en.
- Book: Broad. James. Hacking with Kali: Practical Penetration Testing Techniques. Bindner. Andrew. 2013-12-05. Newnes. 978-0-12-407883-3. 97. en. 2020-12-10. 2024-05-21. https://web.archive.org/web/20240521151235/https://books.google.com/books?id=0YihZLFRW1gC&q=google+hacking+database&pg=PA97#v=snippet&q=google%20hacking%20database&f=false. live.