Offensive Security

Last updated
Offensive Security
FormerlyOffensive Security Services, LLC
Company typePrivate
Industry Computer software, Information Security, Digital forensics
FoundersMati Aharoni, Devon Kearns
Headquarters
New York City
,
United States
Area served
International
Key people
Products Kali Linux, Kali NetHunter, Offensive Security Certified Professional
Website www.offsec.com

Offensive Security (also known as OffSec) [1] is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, [2] the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, [3] and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies. [4]

Contents

The company also provides training courses and certifications.

Background and history

Mati Aharoni, Offensive Security's co-founder, started the business around 2006 with his wife Iris. [5] Offensive Security LLC was formed in 2008. [6] [7] The company was structured as Offensive Security Services, LLC in 2012 in North Carolina. [8] In September 2019 the company received its first venture capital investment, from Spectrum Equity, and CEO Ning Wang replaced Joe Steinbach, the previous CEO for four years, who ran the business from the Philippines. Jim O’Gorman, the company's chief strategy officer, also gives training and writes books. Customers include Cisco, Wells Fargo, Booz Allen Hamilton, and defense-related U.S. government agencies. The company gives training sessions at the annual Black Hat hacker conference. [5] [9] [10]

In 2019, J.M. Porup of CSO online wrote "few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP)," and said it has "a reputation for being one of the most difficult," because it requires student to hack into a test network during a difficult "24-hour exam." He also summarized accusations of cheating, and Offensive Security's responses, concluding hiring based only on credentials was a mistake, and an applicants skills should be validated. [11] In 2020, cybersecurity professional Matt Day of Start a Cyber Career, writing a detailed review and comparison of OSCP and CompTIA PenTest+, said OSCP was "well known in the pentesting community, and therefore well known by the managers that hire them." [12]

Projects

In addition to their training and security services, the company also founded open source projects, online exploit databases and security information teaching aids.

Kali Linux

The company is known for developing Kali Linux, which is a Debian Linux based distribution modeled after BackTrack. It succeeds BackTrack Linux, and is designed for security information needs, such as penetration testing and digital forensics. Kali NetHunter is Offensive Security's project for the ARM architecture and Android devices. [13] Kali Linux contains over 600 security programs. The release of the second version (2.0) received a wide coverage in the digital media [14] [15] [16] [17] Offensive Security provides a book, Kali Linux Revealed, [18] and makes the first edition available for free download. [19] Users and employees have been inspired to have careers in social engineering. [20] In 2019, in a detailed review, Cyberpunk called Offensive Security's Kali Linux, "formally[ sic ] known as BackTrack," the "best penetration testing distribution." [21]

BackTrack

BackTrack Linux was an open source GNU General Public License Linux distribution developed by programmers from around the world with assistance, coordination, and funding from Offensive Security. [22] [23] [24] The distribution was originally developed under the names Whoppix, IWHAX, and Auditor. It was designed to delete any trace of its usage. The distribution was widely known and used by security experts. [25] [26] [27] [28]

ExploitDB

Exploit Database is an archive of vulnerable software and exploits that have been made public by the information security community. The database is designated to help penetration testers test small projects easily by sharing information with each other. [29] The database also contains proof-of-concepts (POC), helping information security professionals learn new exploits variations. In Ethical Hacking and Penetration Testing Guide, Rafay Baloch said Exploit-db had over 20,000 exploits, and was available in BackTrack Linux by default. [30] In CEH v10 Certified Ethical Hacker Study Guide, Ric Messier called exploit-db a "great resource," and stated it was available within Kali Linux by default, or could be added to other Linux distributions. [31]

Metasploit

Metasploit Unleashed is a charity project created by Offensive Security for the sake of Hackers for Charity, which was started by Johnny Long. The projects teaches Metasploit and is designed especially for people who consider starting a career in penetration testing.[ citation needed ]

Google Hacking Database

Google Hacking Database was created by Johnny Long and is now hosted by Offensive Security. The project was created as a part of Hackers for Charity. The database helps security professionals determine whether a given application or website is compromised. The database uses Google search to establish whether usernames and passwords had been compromised. [32]

See also

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

<span class="mw-page-title-main">Metasploit</span> Computer security testing tool

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

<span class="mw-page-title-main">BackTrack</span> Linux distribution

BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, Khaled Baoween (Kali) & the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.

Network enumeration is a computing activity in which usernames and info on groups, shares, and services of networked computers are retrieved. It should not be confused with network mapping, which only retrieves information about which servers are connected to a specific network and what operating system runs on them. Network enumeration is the discovery of hosts or devices on a network. Network enumeration tends to use overt discovery protocols such as ICMP and SNMP to gather information. It may also scan various ports on remote hosts for looking for well known services in an attempt to further identify the function of a remote host. The next stage of enumeration is to fingerprint the operating system of the remote host.

Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

<span class="mw-page-title-main">H. D. Moore</span> American businessman

H. D. Moore is a network security expert, open source programmer, and hacker. He is the founder of the Metasploit Project and was the main developer of the Metasploit Framework, a penetration testing software suite.

<span class="mw-page-title-main">Pentoo</span> Gentoo based Linux distribution for penetration testing

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64-bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched Wi-Fi drivers, GPGPU cracking software, and many tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.

<span class="mw-page-title-main">BackBox</span> Security-oriented Linux distribution

BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing.

<span class="mw-page-title-main">Wargame (hacking)</span>

In hacking, a wargame is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, and/or gain or prevent access to a computer system.

<span class="mw-page-title-main">Kali Linux</span> Debian-based Linux distribution for penetration testing

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.

<span class="mw-page-title-main">Armitage (computing)</span> Cyber attack management tool by Metasploit

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for: shared sessions, data, and communication through a single Metasploit instance. Armitage is written and supported by Raphael Mudge.

<span class="mw-page-title-main">Parrot OS</span> Debian-based Linux distribution

Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.

<span class="mw-page-title-main">Kali NetHunter</span> Free & open-source mobile penetration testing platform for non-rooted and rooted Android devices

Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for non-rooted devices, for rooted devices that have a standard recovery, and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter). Official images are published by Offensive Security on their download page and are updated every quarter. NetHunter images with custom kernels are published for the most popular supported devices, such as Google Nexus, Samsung Galaxy and OnePlus. Many more models are supported, and images not published by Offensive Security can be generated using NetHunter build scripts. Kali NetHunter is maintained by a community of volunteers, and is funded by Offensive Security.

Terry Cutler is a Canadian cyber security expert and teacher, often described as an "ethical hacker" for his long term work with cyber security and protection. Cutler is the founder, former CTO, and current CEO of Cyology Labs and the vice-president of cyber security at SIRCO. He is also the creator of "The Course On Internet Safety". Cyology Labs's focal point is cyber security and data safety. Prior to founding Cyology Labs in 2015, Cutler founded Digital Locksmiths, Inc. focusing on data security of cloud and mobile solutions. Cutler is an often cited source on Cyber security and has been featured on various televisions shows across Canada. He describes himself as a "cyologist", a trademarked term of his own invention for a person who works in cyber security.

<span class="mw-page-title-main">BlackArch</span> Penetration testing distribution based on Arch Linux

BlackArch is a penetration testing distribution based on Arch Linux that provides a large number of security tools. It is an open-source distro created specially for penetration testers and security researchers. The repository contains more than 2800 tools that can be installed individually or in groups. BlackArch Linux is compatible with existing Arch Linux installations.

References

  1. "Brand Refresh FAQ - Offensive Security Support Portal". OffSec. April 24, 2023. Retrieved May 4, 2023.
  2. "Homepage". Offensive Security. Archived from the original on 2015-09-05. Retrieved 26 September 2015.
  3. "About Us". Offensive Security. Retrieved 26 September 2015.
  4. Kirk, Jeremy (Jul 29, 2014). "Zero-day flaws found in Symantec's Endpoint Protection". PC World. Retrieved 26 September 2015.
  5. 1 2 "Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda". Fortune. Retrieved 2020-03-17.
  6. "Ning Wang, Offensive Security LLC: Profile and Biography". Bloomberg.com. Retrieved 2020-03-17.
  7. "Offensive Security LLC". www.bloomberg.com. Retrieved 2020-03-17.
  8. "Offensive Security Services, LLC". www.buzzfile.com. Retrieved 2020-03-17.
  9. "Penetration Testing with Kali Linux, Black Hat USA 2018". www.blackhat.com. 2018. Retrieved 2020-03-17.
  10. "Speaker Jim O'Gorman, Black Hat USA 2018". www.blackhat.com. 2018. Retrieved 2020-03-17.
  11. "OSCP cheating allegations a reminder to verify hacking skills when hiring | CSO Online". 2020-03-27. Archived from the original on 2020-03-27. Retrieved 2020-03-28.
  12. "7 Reasons You Can't Compare the PenTest+ and OSCP – StartaCyberCareer.com". 2020-03-06. Archived from the original on 2020-03-06. Retrieved 2020-03-28.
  13. Usatenko, Chris (2019-12-12). "Why secure web-based applications with Kali Linux?". Packt Hub. Retrieved 2020-03-20.
  14. Hoffman, Chris (August 19, 2015). "Meet Kali Linux 2.0, a distro built to hammer your security". PC World. Retrieved 26 September 2015.
  15. Stahie, Silviu. "Kali Linux 2.0 Penetration Testing OS Now Based on Debian Jessie and Linux Kernel 4.0". Softpedia. Retrieved 26 September 2015.
  16. Holm, Joshua Allen. "Gnome turns 18, new tools for Docker, Kali Linux 2.0, and more news". OpenSource.com. Retrieved 26 September 2015.
  17. Kerner, Sean Michael. "Linux Planet" . Retrieved 26 September 2015.
  18. Hertzog, Raphael; O'Gorman, Jim; Aharoni, Mati (2017-06-05). Kali Linux Revealed: Mastering the Penetration Testing Distribution. Offsec Press. ISBN   978-0-9976156-0-9.
  19. Kali Linux Revealed (PDF).
  20. Carpenter, Perry (2019-04-30). Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. John Wiley & Sons. ISBN   978-1-119-56637-3.
  21. "Kali Linux - The Best Penetration Testing Distribution". CYBERPUNK. 2018-08-08. Retrieved 2020-03-28.
  22. "BackTrack Linux: The Ultimate Hacker's Arsenal - ADMIN | The resource for all system administrators". 2011-09-25. Archived from the original on 2011-09-25. Retrieved 2020-03-27.
  23. "BackTrack Linux - Penetration Testing Distribution". 2011-09-24. Archived from the original on 2011-09-24. Retrieved 2020-03-27.
  24. "About | BackTrack Linux". 2010-03-22. Archived from the original on 2010-03-22. Retrieved 2020-03-27.
  25. "Linux.com :: Review: BackTrack 2 security live CD". 2007-12-10. Archived from the original on 2007-12-10. Retrieved 2020-03-27.
  26. "Linux.com :: Test your environment's security with BackTrack". 2009-06-08. Archived from the original on 2009-06-08. Retrieved 2020-03-27.
  27. "BackTrack 5 - A Linux Distribution Engineered for Penetration Testing | Ubuntu Manual". 2011-08-25. Archived from the original on 2011-08-25. Retrieved 2020-03-27.
  28. "BackTrack 5 review – if you're serious about pentesting don't leave home without it! | Linux User". 2011-08-11. Archived from the original on 2011-08-11. Retrieved 2020-03-27.
  29. Cimpanu, Catalin. "Chinese websites have been under attack for a week via a new PHP framework bug". ZDNet. Retrieved 2020-03-27.
  30. Baloch, Rafay (2017-09-29). Ethical Hacking and Penetration Testing Guide. CRC Press. pp. 135, 136, 137, 272, 431. ISBN   978-1-4822-3162-5.
  31. Messier, Ric (2019-06-25). CEH v10 Certified Ethical Hacker Study Guide. John Wiley & Sons. pp. 235, 236, 243, 536, 547. ISBN   978-1-119-53319-1.
  32. Broad, James; Bindner, Andrew (2013-12-05). Hacking with Kali: Practical Penetration Testing Techniques. Newnes. p. 97. ISBN   978-0-12-407883-3.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.