Offensive Security: Difference between revisions
Content deleted Content added
simplify the hatnote. Offensive security doesn't redirect anywhere. |
|||
| (69 intermediate revisions by 39 users not shown) | |||
| Line 1: | Line 1: | ||
{{short description| |
{{short description|American international information security company}} |
||
{{about||offensive security testing practices|red teaming|and|penetration test|and|vulnerability assessment}} |
|||
{{More citations needed|date=December 2022}} |
|||
{{Infobox company |
{{Infobox company |
||
| name = Offensive Security |
| name = Offensive Security |
||
| logo = |
| logo = |
||
| logo_size = |
| logo_size = |
||
| logo_alt = |
| logo_alt = |
||
| logo_caption = |
| logo_caption = |
||
| image = |
| image = |
||
| image_size = |
| image_size = |
||
| image_alt = |
| image_alt = |
||
| image_caption = |
| image_caption = |
||
| trade_name = |
| trade_name = |
||
| native_name = |
| native_name = |
||
| native_name_lang = <!-- Use ISO 639-1 code, e.g. "fr" for French. For multiple names in different languages, use {{Lang|[code]|[name]}} in native_name = and leave native_name_lang = empty. --> |
| native_name_lang = <!-- Use ISO 639-1 code, e.g. "fr" for French. For multiple names in different languages, use {{Lang|[code]|[name]}} in native_name = and leave native_name_lang = empty. --> |
||
| romanized_name = |
| romanized_name = |
||
| former_name = Offensive Security Services, LLC |
| former_name = Offensive Security Services, LLC |
||
| type = Private |
| type = Private |
||
| traded_as = |
| traded_as = |
||
| ISIN = |
| ISIN = |
||
| ⚫ | |||
| ISIN2 = |
|||
| genre = |
|||
| ⚫ | |||
| |
| fate = |
||
| ⚫ | |||
| fate = |
|||
| |
| successor = <!-- or: | successors = --> |
||
| ⚫ | |||
| ⚫ | |||
| founders = Mati Aharoni, Devon Kearns <!-- or: | founders = --> |
|||
| ⚫ | |||
| |
| defunct = <!-- {{End date|YYYY|MM|DD}} --> |
||
| ⚫ | |||
| defunct = <!-- {{End date|YYYY|MM|DD}} --> |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| hq_location_country = United States |
| hq_location_country = United States |
||
| num_locations = |
| num_locations = |
||
| num_locations_year = <!-- Year of num_locations data (if known) --> |
| num_locations_year = <!-- Year of num_locations data (if known) --> |
||
| area_served = International <!-- or: | areas_served = --> |
| area_served = International <!-- or: | areas_served = --> |
||
| key_people = |
| key_people = {{Plainlist| |
||
{{Plainlist| |
|||
* Ning Wang, <small>CEO</small> |
* Ning Wang, <small>CEO</small> |
||
* Jim O’Gorman, <small>Chief Strategy Officer</small> |
* Jim O’Gorman, <small>Chief Strategy Officer</small> |
||
* Devon Kearns,<small>Technical Operations</small>{{citation needed|date=March 2020}} |
* Devon Kearns, <small>Technical Operations</small>{{citation needed|date=March 2020}} |
||
* Dr. Matteo Memelli,<small>R&D</small>{{citation needed|date=March 2020}} |
* Dr. Matteo Memelli, <small>R&D</small>{{citation needed|date=March 2020}} |
||
}} |
}} |
||
| products = [[Kali Linux]], [[Kali NetHunter]], [[Offensive Security Certified Professional]] |
| products = [[Kali Linux]], [[Kali NetHunter]], [[Offensive Security Certified Professional]] |
||
| brands = |
| brands = |
||
| production = |
| production = |
||
| production_year = <!-- Year of production data (if known) --> |
| production_year = <!-- Year of production data (if known) --> |
||
| services = |
| services = |
||
| revenue = |
| revenue = |
||
| revenue_year = <!-- Year of revenue data (if known) --> |
| revenue_year = <!-- Year of revenue data (if known) --> |
||
| operating_income = |
| operating_income = |
||
| income_year = <!-- Year of operating_income data (if known) --> |
| income_year = <!-- Year of operating_income data (if known) --> |
||
| net_income = <!-- or: | profit = --> |
| net_income = <!-- or: | profit = --> |
||
| net_income_year = <!-- or: | profit_year = --><!-- Year of net_income/profit data (if known) --> |
| net_income_year = <!-- or: | profit_year = --><!-- Year of net_income/profit data (if known) --> |
||
| aum = <!-- Only for financial-service companies --> |
| aum = <!-- Only for financial-service companies --> |
||
| assets = |
| assets = |
||
| assets_year = <!-- Year of assets data (if known) --> |
| assets_year = <!-- Year of assets data (if known) --> |
||
| equity = |
| equity = |
||
| equity_year = <!-- Year of equity data (if known) --> |
| equity_year = <!-- Year of equity data (if known) --> |
||
| owner = <!-- or: | owners = --> |
| owner = <!-- or: | owners = --> |
||
| members = |
| members = |
||
| members_year = <!-- Year of members data (if known) --> |
| members_year = <!-- Year of members data (if known) --> |
||
| num_employees = |
| num_employees = |
||
| num_employees_year = <!-- Year of num_employees data (if known) --> |
| num_employees_year = <!-- Year of num_employees data (if known) --> |
||
| parent = |
| parent = |
||
| divisions = |
| divisions = |
||
| subsid = |
| subsid = |
||
| module = <!-- Used to embed other templates --> |
| module = <!-- Used to embed other templates --> |
||
| ratio = <!-- Basel III ratio; used for banks only --> |
| ratio = <!-- Basel III ratio; used for banks only --> |
||
| rating = <!-- Credit rating; used for banks only --> |
| rating = <!-- Credit rating; used for banks only --> |
||
| website = {{URL|www. |
| website = {{URL|www.offsec.com}} |
||
| footnotes = |
| footnotes = |
||
}} |
}} |
||
'''Offensive Security''' is an international company working in [[ |
'''Offensive Security''' (also known as '''OffSec''')<ref>{{Cite web |date=April 24, 2023 |title=Brand Refresh FAQ - Offensive Security Support Portal |url=https://help.offsec.com/hc/en-us/articles/13549369454612-Brand-Refresh-FAQ#:~:text=the%20brand%20refresh%3F-,Has%20Offensive%20Security%20changed%20its%20name%3F,the%20current%20and%20future%20OffSec. |access-date=May 4, 2023 |website=OffSec |archive-date=May 4, 2023 |archive-url=https://web.archive.org/web/20230504150926/https://help.offsec.com/hc/en-us/articles/13549369454612-Brand-Refresh-FAQ#:~:text=the%20brand%20refresh%3F-,Has%20Offensive%20Security%20changed%20its%20name%3F,the%20current%20and%20future%20OffSec. |url-status=live }}</ref> is an American international company working in [[information security]], [[penetration testing]] and [[digital forensics]]. Operating from around 2007,<ref name=":0">{{cite web|url=https://www.offensive-security.com/|website=Offensive Security|access-date=26 September 2015|ref=The only provider of true performance-based penetration testing training and ethical hacking courses for over 8 years.|title=Homepage|archive-url=https://web.archive.org/web/20150905090335/https://www.offensive-security.com/ |archive-date=2015-09-05 }}</ref> the company created [[open source]] projects, advanced security courses, the [[ExploitDB]] [[vulnerability database]], and the [[Kali Linux|Kali]] [[Linux distribution]]. The company was started by Mati Aharoni,<ref>{{cite web|url=https://www.offensive-security.com/about-us/|website=Offensive Security|access-date=26 September 2015|title=About Us|archive-date=11 July 2019|archive-url=https://web.archive.org/web/20190711052048/https://www.offensive-security.com/about-us/|url-status=live}}</ref> and employs security professionals with experience in security [[penetration testing]] and system security evaluation. The company has provided security counseling and training to many technology companies.<ref>{{cite journal|last=Kirk|first=Jeremy|date=Jul 29, 2014|title=Zero-day flaws found in Symantec's Endpoint Protection|url=https://www.pcworld.com/article/2459540/zeroday-flaws-found-in-symantecs-endpoint-protection.html|journal=PC World|access-date=26 September 2015|ref=A very public example of such assistance|archive-date=11 November 2020|archive-url=https://web.archive.org/web/20201111223407/https://www.pcworld.com/article/2459540/zeroday-flaws-found-in-symantecs-endpoint-protection.html|url-status=live}}</ref> |
||
The company also provides training courses and certifications. |
The company also provides training courses and certifications. |
||
== Background and history == |
== Background and history == |
||
Mati Aharoni, Offensive |
Mati Aharoni, Offensive Security's co-founder, started the business around 2006 with his wife Iris.<ref name=":1" /> Offensive Security LLC was formed in 2008.<ref>{{Cite web|url=https://www.bloomberg.com/profile/person/16940925|title=Ning Wang, Offensive Security LLC: Profile and Biography|website=Bloomberg.com|language=en|access-date=2020-03-17}}</ref><ref>{{Cite web|url=https://www.bloomberg.com/profile/company/0733517D:US?in_source=PersonProfile|title=Offensive Security LLC|website=www.bloomberg.com|access-date=2020-03-17}}</ref> The company was structured as Offensive Security Services, LLC in 2012 in [[North Carolina]].<ref>{{Cite web|url=http://www.buzzfile.com/business/Offensive-Security-Services,-LLC-402-608-1337|title=Offensive Security Services, LLC|website=www.buzzfile.com|language=en-us|access-date=2020-03-17}}</ref> In September 2019 the company received its first venture capital investment, from Spectrum Equity, and CEO Ning Wang replaced Joe Steinbach, the previous CEO for four years, who ran the business from the [[Philippines]]. Jim O’Gorman, the company's chief strategy officer, also gives training and writes books. Customers include [[Cisco]], [[Wells Fargo]], [[Booz Allen Hamilton]], and defense-related U.S. government agencies. The company gives training sessions at the annual Black Hat hacker conference.<ref name=":1">{{Cite web|url=https://fortune.com/2019/01/15/ceo-offensive-security-hackerone-lynda/|title=Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda|website=Fortune|language=en|access-date=2020-03-17|archive-date=2020-08-08|archive-url=https://web.archive.org/web/20200808213620/https://fortune.com/2019/01/15/ceo-offensive-security-hackerone-lynda/|url-status=live}}</ref><ref>{{Cite web|url=https://www.blackhat.com/us-18/training/penetration-testing-with-kali-linux.html|title=Penetration Testing with Kali Linux, Black Hat USA 2018|date=2018|website=www.blackhat.com|access-date=2020-03-17|archive-date=2020-11-11|archive-url=https://web.archive.org/web/20201111223802/https://www.blackhat.com/us-18/training/penetration-testing-with-kali-linux.html|url-status=live}}</ref><ref>{{Cite web|url=https://www.blackhat.com/us-18/speakers/Jim-Ogorman.html|title=Speaker Jim O'Gorman, Black Hat USA 2018|date=2018|website=www.blackhat.com|access-date=2020-03-17}}</ref> |
||
In 2019, J.M. Porup of CSO online wrote "few infosec certifications have developed the prestige in recent years of the [[Offensive Security Certified Professional]] (OSCP)," and said it has "a reputation for being one of the most difficult," because it requires student to hack into a test network during a difficult "24-hour exam." He also summarized accusations of cheating, and Offensive Security's responses, concluding hiring based only on credentials was a mistake, and an applicants skills should be validated.<ref>{{Cite web|url=https://www.csoonline.com/article/3336068/oscp-cheating-allegations-a-reminder-to-verify-hacking-skills-when-hiring.html|title=OSCP cheating allegations a reminder to verify hacking skills when hiring {{!}} CSO Online|date=2020-03-27|archive-url=https://web.archive.org/web/20200327224907/https://www.csoonline.com/article/3336068/oscp-cheating-allegations-a-reminder-to-verify-hacking-skills-when-hiring.html|access-date=2020-03-28|archive-date=2020-03-27}}</ref> In 2020, cybersecurity professional Matt Day of Start a Cyber Career, writing a detailed review and comparison of OSCP and CompTIA PenTest+, said OSCP was "well known in the pentesting community, and therefore well known by the managers that hire them."<ref>{{Cite web|url=https://startacybercareer.com/7-reasons-you-cant-compare-the-pentest-and-oscp/|title=7 Reasons You Can't Compare the PenTest+ and OSCP – StartaCyberCareer.com|date=2020-03-06|archive-url=https://web.archive.org/web/20200306000424/https://startacybercareer.com/7-reasons-you-cant-compare-the-pentest-and-oscp/|access-date=2020-03-28|archive-date=2020-03-06}}</ref> |
|||
== Projects == |
== Projects == |
||
In addition to their training and security services, the company also founded [[open source]] projects, online exploit databases and security information teaching aids. |
In addition to their training and security services, the company also founded [[open source]] projects, online exploit databases and security information teaching aids. |
||
=== Kali Linux === |
=== Kali Linux === |
||
The company is known for developing [[Kali Linux]], which is a [[Debian|Debian Linux]] based distribution modeled after [[ |
The company is known for developing [[Kali Linux]], which is a [[Debian|Debian Linux]] based distribution modeled after [[BackTrack]]. It succeeds BackTrack Linux, and is designed for security information needs, such as [[penetration testing]] and [[digital forensics]]. [[Kali NetHunter]] is Offensive Security's project for the ARM architecture and Android devices.<ref>{{Cite web|url=https://hub.packtpub.com/why-secure-web-based-applications-with-kali-linux/|title=Why secure web-based applications with Kali Linux?|last=Usatenko|first=Chris|date=2019-12-12|website=Packt Hub|language=en-US|access-date=2020-03-20|archive-date=2020-01-12|archive-url=https://web.archive.org/web/20200112225809/https://hub.packtpub.com/why-secure-web-based-applications-with-kali-linux/|url-status=live}}</ref> Kali Linux contains over 600 security programs. The release of the second version (2.0) received a wide coverage in the digital media<ref>{{cite journal|last1=Hoffman|first1=Chris|title=Meet Kali Linux 2.0, a distro built to hammer your security|journal=PC World|date=August 19, 2015|url=http://www.pcworld.com/article/2972718/operating-systems/meet-kali-linux-20-a-distro-built-to-hammer-your-security.html|access-date=26 September 2015|archive-date=26 September 2015|archive-url=https://web.archive.org/web/20150926003033/http://www.pcworld.com/article/2972718/operating-systems/meet-kali-linux-20-a-distro-built-to-hammer-your-security.html|url-status=live}}</ref><ref>{{cite web|last1=Stahie|first1=Silviu|title=Kali Linux 2.0 Penetration Testing OS Now Based on Debian Jessie and Linux Kernel 4.0|date=12 August 2015|url=http://news.softpedia.com/news/kali-linux-2-0-penetration-testing-os-now-based-on-debian-jessie-and-linux-kernel-4-0-489090.shtml|publisher=Softpedia|access-date=26 September 2015|archive-date=9 September 2015|archive-url=https://web.archive.org/web/20150909154611/http://news.softpedia.com/news/kali-linux-2-0-penetration-testing-os-now-based-on-debian-jessie-and-linux-kernel-4-0-489090.shtml|url-status=live}}</ref><ref>{{cite web|last1=Holm|first1=Joshua Allen|title=Gnome turns 18, new tools for Docker, Kali Linux 2.0, and more news|url=http://opensource.com/life/15/8/weekly-news-august-15|website=OpenSource.com|access-date=26 September 2015|archive-date=6 September 2015|archive-url=https://web.archive.org/web/20150906043811/https://opensource.com/life/15/8/weekly-news-august-15|url-status=live}}</ref><ref>{{cite web|last1=Kerner|first1=Sean Michael|title=Linux Planet|url=http://www.linuxplanet.com/news/linux-top-3-tails-1.5-kali-linux-2.0-and-libreoffice-5.html|access-date=26 September 2015|archive-date=16 September 2015|archive-url=https://web.archive.org/web/20150916050531/http://www.linuxplanet.com/news/linux-top-3-tails-1.5-kali-linux-2.0-and-libreoffice-5.html|url-status=live}}</ref> Offensive Security provides a book, ''Kali Linux Revealed'',<ref>{{Cite book|last1=Hertzog|first1=Raphael|url=https://books.google.com/books?id=6n9atAEACAAJ|title=Kali Linux Revealed: Mastering the Penetration Testing Distribution|last2=O'Gorman|first2=Jim|last3=Aharoni|first3=Mati|date=2017-06-05|publisher=Offsec Press|isbn=978-0-9976156-0-9|language=en|access-date=2020-03-17|archive-date=2024-05-21|archive-url=https://web.archive.org/web/20240521132906/https://books.google.com/books?id=6n9atAEACAAJ|url-status=live}}</ref> and makes the first edition available for free download.<ref>{{Cite book|url=https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf|title=Kali Linux Revealed|access-date=2020-03-17|archive-date=2021-01-02|archive-url=https://web.archive.org/web/20210102180929/https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf|url-status=dead}}</ref> Users and employees have been inspired to have careers in [[Social engineering (security)|social engineering]].<ref>{{Cite book|last=Carpenter|first=Perry|url=https://books.google.com/books?id=uhuWDwAAQBAJ&q=%22offensive+security%22+company&pg=PA204|title=Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors|date=2019-04-30|publisher=John Wiley & Sons|isbn=978-1-119-56637-3|language=en|access-date=2020-12-10|archive-date=2024-05-21|archive-url=https://web.archive.org/web/20240521145715/https://books.google.com/books?id=uhuWDwAAQBAJ&q=%22offensive+security%22+company&pg=PA204#v=snippet&q=%22offensive%20security%22%20company&f=false|url-status=live}}</ref> In 2019, in a detailed review, Cyberpunk called Offensive Security's Kali Linux, "{{sic|formally}} known as BackTrack," the "best penetration testing distribution."<ref>{{Cite web|url=https://www.cyberpunk.rs/kali-linux-the-best-penetration-testing-distribution|title=Kali Linux - The Best Penetration Testing Distribution|date=2018-08-08|website=CYBERPUNK|language=en-US|access-date=2020-03-28|archive-date=2020-03-28|archive-url=https://web.archive.org/web/20200328184236/https://www.cyberpunk.rs/kali-linux-the-best-penetration-testing-distribution|url-status=live}}</ref> |
||
=== BackTrack === |
|||
[[BackTrack|BackTrack Linux]] was an open source [[GNU General Public License]] Linux distribution developed by programmers from around the world with assistance, coordination, and funding from Offensive Security.<ref>{{Cite web|url=http://www.admin-magazine.com/Articles/BackTrack-Linux-The-Ultimate-Hacker-s-Arsenal|title=BackTrack Linux: The Ultimate Hacker's Arsenal - ADMIN {{!}} The resource for all system administrators|date=2011-09-25|archive-url=https://web.archive.org/web/20110925082804/http://www.admin-magazine.com/Articles/BackTrack-Linux-The-Ultimate-Hacker-s-Arsenal|access-date=2020-03-27|archive-date=2011-09-25}}</ref><ref>{{Cite web|url=http://www.backtrack-linux.org/|title=BackTrack Linux - Penetration Testing Distribution|date=2011-09-24|archive-url=https://web.archive.org/web/20110924125014/http://www.backtrack-linux.org/|access-date=2020-03-27|archive-date=2011-09-24}}</ref><ref>{{Cite web|url=http://www.backtrack-linux.org/about/|title=About {{!}} BackTrack Linux|date=2010-03-22|archive-url=https://web.archive.org/web/20100322191128/http://www.backtrack-linux.org/about/|access-date=2020-03-27|archive-date=2010-03-22}}</ref> The distribution was originally developed under the names Whoppix, IWHAX, and Auditor. It was designed to delete any trace of its usage. The distribution was widely known and used by security experts.<ref>{{Cite web|url=https://www.linux.com/articles/61417|title=Linux.com :: Review: BackTrack 2 security live CD|date=2007-12-10|archive-url=https://web.archive.org/web/20071210224731/https://www.linux.com/articles/61417|access-date=2020-03-27|archive-date=2007-12-10}}</ref><ref>{{Cite web|url=http://www.linux.com/archive/articles/138325|title=Linux.com :: Test your environment's security with BackTrack|date=2009-06-08|archive-url=https://web.archive.org/web/20090608231252/http://www.linux.com/archive/articles/138325|access-date=2020-03-27|archive-date=2009-06-08}}</ref><ref>{{Cite web|url=http://ubuntumanual.org/posts/391/backtrack-5-a-linux-distribution-engineered-for-penetration-testing|title=BackTrack 5 - A Linux Distribution Engineered for Penetration Testing {{!}} Ubuntu Manual|date=2011-08-25|archive-url=https://web.archive.org/web/20110825003651/http://ubuntumanual.org/posts/391/backtrack-5-a-linux-distribution-engineered-for-penetration-testing|access-date=2020-03-27|archive-date=2011-08-25}}</ref><ref>{{Cite web|url=http://www.linuxuser.co.uk/reviews/backtrack-5-review-if-youre-serious-about-pentesting-dont-leave-home-without-it/2|title=BackTrack 5 review – if you're serious about pentesting don't leave home without it! {{!}} Linux User|date=2011-08-11|archive-url=https://web.archive.org/web/20110811144253/http://www.linuxuser.co.uk/reviews/backtrack-5-review-if-youre-serious-about-pentesting-dont-leave-home-without-it/2|access-date=2020-03-27|archive-date=2011-08-11}}</ref> |
|||
=== ExploitDB === |
=== ExploitDB === |
||
Exploit Database is an archive of vulnerable software and [[Exploit (computer security)|exploits]] that have been made public by the information security community. The database is designated to help penetration testers test small projects easily by sharing information with each other.<ref>{{Cite web|url=https://www.zdnet.com/article/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug/|title=Chinese websites have been under attack for a week via a new PHP framework bug|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=2020-03-27}}</ref> The database also contains proof-of-concepts ([[POC]]), helping information security professionals learn new exploits variations. In ''Ethical Hacking and Penetration Testing Guide'', Rafay Baloch said Exploit-db had over 20,000 exploits, and was available in BackTrack Linux by default.<ref>{{Cite book|last=Baloch|first=Rafay|url=https://books.google. |
Exploit Database is an archive of vulnerable software and [[Exploit (computer security)|exploits]] that have been made public by the information security community. The database is designated to help penetration testers test small projects easily by sharing information with each other.<ref>{{Cite web|url=https://www.zdnet.com/article/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug/|title=Chinese websites have been under attack for a week via a new PHP framework bug|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=2020-03-27|archive-date=2020-11-29|archive-url=https://web.archive.org/web/20201129204300/https://www.zdnet.com/article/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug/|url-status=live}}</ref> The database also contains proof-of-concepts ([[Proof of concept|POC]]), helping information security professionals learn new exploits variations. In ''Ethical Hacking and Penetration Testing Guide'', [[Rafay Baloch]] said Exploit-db had over 20,000 exploits, and was available in BackTrack Linux by default.<ref>{{Cite book|last=Baloch|first=Rafay|url=https://books.google.com/books?id=fKfNBQAAQBAJ&q=exploitdb&pg=PA136|title=Ethical Hacking and Penetration Testing Guide|date=2017-09-29|publisher=CRC Press|isbn=978-1-4822-3162-5|pages=135, 136, 137, 272, 431|language=en|access-date=2020-12-10|archive-date=2024-05-21|archive-url=https://web.archive.org/web/20240521145731/https://books.google.com/books?id=fKfNBQAAQBAJ&q=exploitdb&pg=PA136#v=snippet&q=exploitdb&f=false|url-status=live}}</ref> In ''CEH v10 Certified Ethical Hacker Study Guide'', Ric Messier called exploit-db a "great resource," and stated it was available within Kali Linux by default, or could be added to other Linux distributions.<ref>{{Cite book|last=Messier|first=Ric|url=https://books.google.com/books?id=ATiZDwAAQBAJ&q=exploitdb&pg=PA243|title=CEH v10 Certified Ethical Hacker Study Guide|date=2019-06-25|publisher=John Wiley & Sons|isbn=978-1-119-53319-1|pages=235, 236, 243, 536, 547|language=en}}</ref> |
||
=== Metasploit === |
=== Metasploit === |
||
Metasploit Unleashed is a charity project created by Offensive Security for the sake of [[Hackers for Charity]], which was started by Johnny Long. The projects teaches [[Metasploit]] and is designed especially for people who consider starting a career in [[penetration testing]].{{Citation needed|date=March 2024}} |
|||
Metasploit Unleashed is a charity project created by Offensive Security for the sake of [[Hackers for Charity]], which was started by [[Johnny Long]]. The projects teaches [[Metasploit]] and is designed especially for people who consider starting a career in [[penetration testing]]. Offensive security gave the course for free, but requests a small donation for hungry children in [[East Africa]].<ref>{{Cite web|url=https://www.offensive-security.com/metasploit-unleashed/|title=Metasploit Unleashed – Free Ethical Hacking Course|last=|first=|date=|website=www.offensive-security.com|url-status=live|archive-url=|archive-date=|access-date=2020-03-27}}</ref> Offensive security improved training and documentation for the widely used Metasploit Framework tool.<ref>{{Cite book|last=O'Gorman|first=Jim|url=https://books.google.com/books?id=TWKLBAAAQBAJ&printsec=frontcover&dq=%22offensive+security%22+company&hl=en&newbks=1&newbks_redir=0&sa=X&ved=2ahUKEwiWt-PEzp7oAhUMheAKHbZYBs4Q6AEwAnoECAIQAg#v=onepage&q=offensive%20security&f=false|title=Metasploit: The Penetration Tester's Guide|last2=Kearns|first2=Devon|last3=Aharoni|first3=Mati|date=2011|publisher=No Starch Press|isbn=978-1-59327-288-3|language=en}}</ref> The course was called "excellent" in ''Gray Hat Hacking The Ethical Hackers Handbook'',<ref>{{Cite book|last=Harper|first=Allen|url=https://books.google.ch/books?id=jMmpLwe2ezoC&q=%22Metasploit+unleashed%22&dq=%22Metasploit+unleashed%22&hl=en&sa=X&ved=0ahUKEwjY1KKI8LroAhUqxosKHSAXDd0Q6AEIYDAG|title=Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition|last2=Harris|first2=Shon|last3=Ness|first3=Jonathan|last4=Eagle|first4=Chris|last5=Lenkey|first5=Gideon|last6=Williams|first6=Terron|date=2011-02-05|publisher=McGraw Hill Professional|isbn=978-0-07-174256-6|language=en}}</ref> and was recommended in ''Penetration Testing with Raspberry Pi''.<ref>{{Cite book|last=Muniz|first=Joseph|url=https://books.google.ch/books?id=JuZrBgAAQBAJ&pg=PA92&dq=%22Metasploit+unleashed%22&hl=en&sa=X&ved=0ahUKEwjY1KKI8LroAhUqxosKHSAXDd0Q6AEIVjAF|title=Penetration Testing with Raspberry Pi|last2=Lakhani|first2=Aamir|date=2015-01-27|publisher=Packt Publishing Ltd|isbn=978-1-78439-412-7|language=en}}</ref> |
|||
=== Google Hacking Database === |
=== Google Hacking Database === |
||
Google Hacking Database was created by |
Google Hacking Database was created by Johnny Long and is now hosted by Offensive Security. The project was created as a part of [[Hackers for Charity]]. The database helps security professionals determine whether a given application or website is compromised. The database uses Google search to establish whether usernames and passwords had been compromised.<ref>{{Cite book|last1=Broad|first1=James|url=https://books.google.com/books?id=0YihZLFRW1gC&q=google+hacking+database&pg=PA97|title=Hacking with Kali: Practical Penetration Testing Techniques|last2=Bindner|first2=Andrew|date=2013-12-05|publisher=Newnes|isbn=978-0-12-407883-3|pages=97|language=en|access-date=2020-12-10|archive-date=2024-05-21|archive-url=https://web.archive.org/web/20240521151235/https://books.google.com/books?id=0YihZLFRW1gC&q=google+hacking+database&pg=PA97#v=snippet&q=google%20hacking%20database&f=false|url-status=live}}</ref> |
||
==See also== |
==See also== |
||
| Line 101: | Line 107: | ||
==References== |
==References== |
||
{{reflist}} |
{{reflist}} |
||
<!--- After listing your sources please cite them using inline citations and place them after the information they cite. Please see http://en.wikipedia.org/wiki/Wikipedia:REFB for instructions on how to add citations. ---> |
|||
* |
|||
* |
|||
* |
|||
* |
|||
== External links == |
== External links == |
||
* [https://www.offensive-security.com/ Offensive Security Official Website] |
* [https://www.offensive-security.com/ Offensive Security Official Website] |
||
* [https://www.kali.org/ Kali Linux Official Website] |
* [https://www.kali.org/ Kali Linux Official Website] |
||
* [https://www.offensive-security.com/metasploit-unleashed/ Metasploit Unleashed] |
|||
* [https://www.exploit-db.com/ ExploitDB Official Website] |
|||
* [http://www.backtrack-linux.org/ BackTrack Linux Official Website] |
|||
* [https://web.archive.org/web/20131030093537/http://www.securitynet.org/download-backtrack-for-windows/ SecurityNet on BackTrack (archive.org)] |
|||
* {{Github|offensive-security}} |
* {{Github|offensive-security}} |
||
[[Category:Android (operating system) software]] |
|||
[[Category:ARM operating systems]] |
|||
[[Category:Debian-based distributions]] |
|||
[[Category:Digital forensics software]] |
[[Category:Digital forensics software]] |
||
[[Category:Operating system distributions bootable from read-only media]] |
|||
[[Category:X86-64 Linux distributions]] |
|||
[[Category:Rolling Release Linux distributions]] |
|||
[[Category:Pentesting software toolkits]] |
|||
[[Category:Computer security]] |
|||
[[Category:Computer security procedures]] |
[[Category:Computer security procedures]] |
||
[[Category:Computer network security]] |
[[Category:Computer network security]] |
||
Latest revision as of 18:20, 30 October 2024
 | This article needs additional citations for verification. (December 2022) |
| Formerly | Offensive Security Services, LLC |
|---|---|
| Company type | Private |
| Industry | Computer software, Information Security, Digital forensics |
| Founders | Mati Aharoni, Devon Kearns |
| Headquarters | New York City , United States |
Area served | International |
Key people |
|
| Products | Kali Linux, Kali NetHunter, Offensive Security Certified Professional |
| Website | www |
Offensive Security (also known as OffSec)[1] is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007,[2] the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni,[3] and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.[4]
The company also provides training courses and certifications.
Background and history
[edit]Mati Aharoni, Offensive Security's co-founder, started the business around 2006 with his wife Iris.[5] Offensive Security LLC was formed in 2008.[6][7] The company was structured as Offensive Security Services, LLC in 2012 in North Carolina.[8] In September 2019 the company received its first venture capital investment, from Spectrum Equity, and CEO Ning Wang replaced Joe Steinbach, the previous CEO for four years, who ran the business from the Philippines. Jim O’Gorman, the company's chief strategy officer, also gives training and writes books. Customers include Cisco, Wells Fargo, Booz Allen Hamilton, and defense-related U.S. government agencies. The company gives training sessions at the annual Black Hat hacker conference.[5][9][10]
In 2019, J.M. Porup of CSO online wrote "few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP)," and said it has "a reputation for being one of the most difficult," because it requires student to hack into a test network during a difficult "24-hour exam." He also summarized accusations of cheating, and Offensive Security's responses, concluding hiring based only on credentials was a mistake, and an applicants skills should be validated.[11] In 2020, cybersecurity professional Matt Day of Start a Cyber Career, writing a detailed review and comparison of OSCP and CompTIA PenTest+, said OSCP was "well known in the pentesting community, and therefore well known by the managers that hire them."[12]
Projects
[edit]In addition to their training and security services, the company also founded open source projects, online exploit databases and security information teaching aids.
Kali Linux
[edit]The company is known for developing Kali Linux, which is a Debian Linux based distribution modeled after BackTrack. It succeeds BackTrack Linux, and is designed for security information needs, such as penetration testing and digital forensics. Kali NetHunter is Offensive Security's project for the ARM architecture and Android devices.[13] Kali Linux contains over 600 security programs. The release of the second version (2.0) received a wide coverage in the digital media[14][15][16][17] Offensive Security provides a book, Kali Linux Revealed,[18] and makes the first edition available for free download.[19] Users and employees have been inspired to have careers in social engineering.[20] In 2019, in a detailed review, Cyberpunk called Offensive Security's Kali Linux, "formally [sic] known as BackTrack," the "best penetration testing distribution."[21]
BackTrack
[edit]BackTrack Linux was an open source GNU General Public License Linux distribution developed by programmers from around the world with assistance, coordination, and funding from Offensive Security.[22][23][24] The distribution was originally developed under the names Whoppix, IWHAX, and Auditor. It was designed to delete any trace of its usage. The distribution was widely known and used by security experts.[25][26][27][28]
ExploitDB
[edit]Exploit Database is an archive of vulnerable software and exploits that have been made public by the information security community. The database is designated to help penetration testers test small projects easily by sharing information with each other.[29] The database also contains proof-of-concepts (POC), helping information security professionals learn new exploits variations. In Ethical Hacking and Penetration Testing Guide, Rafay Baloch said Exploit-db had over 20,000 exploits, and was available in BackTrack Linux by default.[30] In CEH v10 Certified Ethical Hacker Study Guide, Ric Messier called exploit-db a "great resource," and stated it was available within Kali Linux by default, or could be added to other Linux distributions.[31]
Metasploit
[edit]Metasploit Unleashed is a charity project created by Offensive Security for the sake of Hackers for Charity, which was started by Johnny Long. The projects teaches Metasploit and is designed especially for people who consider starting a career in penetration testing.[citation needed]
Google Hacking Database
[edit]Google Hacking Database was created by Johnny Long and is now hosted by Offensive Security. The project was created as a part of Hackers for Charity. The database helps security professionals determine whether a given application or website is compromised. The database uses Google search to establish whether usernames and passwords had been compromised.[32]
See also
[edit]
- Offensive Security Certified Professional
- Kali Linux
- Kali NetHunter
- BackTrack Linux
- List of computer security certifications
References
[edit]- ^ "Brand Refresh FAQ - Offensive Security Support Portal". OffSec. April 24, 2023. Archived from the original on May 4, 2023. Retrieved May 4, 2023.
- ^ "Homepage". Offensive Security. Archived from the original on 2015-09-05. Retrieved 26 September 2015.
- ^ "About Us". Offensive Security. Archived from the original on 11 July 2019. Retrieved 26 September 2015.
- ^ Kirk, Jeremy (Jul 29, 2014). "Zero-day flaws found in Symantec's Endpoint Protection". PC World. Archived from the original on 11 November 2020. Retrieved 26 September 2015.
- ^ a b "Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda". Fortune. Archived from the original on 2020-08-08. Retrieved 2020-03-17.
- ^ "Ning Wang, Offensive Security LLC: Profile and Biography". Bloomberg.com. Retrieved 2020-03-17.
- ^ "Offensive Security LLC". www.bloomberg.com. Retrieved 2020-03-17.
- ^ "Offensive Security Services, LLC". www.buzzfile.com. Retrieved 2020-03-17.
- ^ "Penetration Testing with Kali Linux, Black Hat USA 2018". www.blackhat.com. 2018. Archived from the original on 2020-11-11. Retrieved 2020-03-17.
- ^ "Speaker Jim O'Gorman, Black Hat USA 2018". www.blackhat.com. 2018. Retrieved 2020-03-17.
- ^ "OSCP cheating allegations a reminder to verify hacking skills when hiring | CSO Online". 2020-03-27. Archived from the original on 2020-03-27. Retrieved 2020-03-28.
- ^ "7 Reasons You Can't Compare the PenTest+ and OSCP – StartaCyberCareer.com". 2020-03-06. Archived from the original on 2020-03-06. Retrieved 2020-03-28.
- ^ Usatenko, Chris (2019-12-12). "Why secure web-based applications with Kali Linux?". Packt Hub. Archived from the original on 2020-01-12. Retrieved 2020-03-20.
- ^ Hoffman, Chris (August 19, 2015). "Meet Kali Linux 2.0, a distro built to hammer your security". PC World. Archived from the original on 26 September 2015. Retrieved 26 September 2015.
- ^ Stahie, Silviu (12 August 2015). "Kali Linux 2.0 Penetration Testing OS Now Based on Debian Jessie and Linux Kernel 4.0". Softpedia. Archived from the original on 9 September 2015. Retrieved 26 September 2015.
- ^ Holm, Joshua Allen. "Gnome turns 18, new tools for Docker, Kali Linux 2.0, and more news". OpenSource.com. Archived from the original on 6 September 2015. Retrieved 26 September 2015.
- ^ Kerner, Sean Michael. "Linux Planet". Archived from the original on 16 September 2015. Retrieved 26 September 2015.
- ^ Hertzog, Raphael; O'Gorman, Jim; Aharoni, Mati (2017-06-05). Kali Linux Revealed: Mastering the Penetration Testing Distribution. Offsec Press. ISBN 978-0-9976156-0-9. Archived from the original on 2024-05-21. Retrieved 2020-03-17.
- ^ Kali Linux Revealed (PDF). Archived from the original (PDF) on 2021-01-02. Retrieved 2020-03-17.
- ^ Carpenter, Perry (2019-04-30). Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. John Wiley & Sons. ISBN 978-1-119-56637-3. Archived from the original on 2024-05-21. Retrieved 2020-12-10.
- ^ "Kali Linux - The Best Penetration Testing Distribution". CYBERPUNK. 2018-08-08. Archived from the original on 2020-03-28. Retrieved 2020-03-28.
- ^ "BackTrack Linux: The Ultimate Hacker's Arsenal - ADMIN | The resource for all system administrators". 2011-09-25. Archived from the original on 2011-09-25. Retrieved 2020-03-27.
- ^ "BackTrack Linux - Penetration Testing Distribution". 2011-09-24. Archived from the original on 2011-09-24. Retrieved 2020-03-27.
- ^ "About | BackTrack Linux". 2010-03-22. Archived from the original on 2010-03-22. Retrieved 2020-03-27.
- ^ "Linux.com :: Review: BackTrack 2 security live CD". 2007-12-10. Archived from the original on 2007-12-10. Retrieved 2020-03-27.
- ^ "Linux.com :: Test your environment's security with BackTrack". 2009-06-08. Archived from the original on 2009-06-08. Retrieved 2020-03-27.
- ^ "BackTrack 5 - A Linux Distribution Engineered for Penetration Testing | Ubuntu Manual". 2011-08-25. Archived from the original on 2011-08-25. Retrieved 2020-03-27.
- ^ "BackTrack 5 review – if you're serious about pentesting don't leave home without it! | Linux User". 2011-08-11. Archived from the original on 2011-08-11. Retrieved 2020-03-27.
- ^ Cimpanu, Catalin. "Chinese websites have been under attack for a week via a new PHP framework bug". ZDNet. Archived from the original on 2020-11-29. Retrieved 2020-03-27.
- ^ Baloch, Rafay (2017-09-29). Ethical Hacking and Penetration Testing Guide. CRC Press. pp. 135, 136, 137, 272, 431. ISBN 978-1-4822-3162-5. Archived from the original on 2024-05-21. Retrieved 2020-12-10.
- ^ Messier, Ric (2019-06-25). CEH v10 Certified Ethical Hacker Study Guide. John Wiley & Sons. pp. 235, 236, 243, 536, 547. ISBN 978-1-119-53319-1.
- ^ Broad, James; Bindner, Andrew (2013-12-05). Hacking with Kali: Practical Penetration Testing Techniques. Newnes. p. 97. ISBN 978-0-12-407883-3. Archived from the original on 2024-05-21. Retrieved 2020-12-10.