Learn how dedication, mindset, and community empowered Suhyun Smith in her OSCP certification journey, and get her tips for success.
Meet Mihai, a 16-year-old OSCP holder and PWK graduate out of Romania. Read more about his tremendous start and journey into infosec.
OffSec student Christopher M Downs takes trying harder to another level: completing (and passing) his OSCP exam in the middle of a New Orleans flood. Read more about Christopher’s inspiring journey.
Our community manager, Tony Punturiero, breaks down the meaning of Offensive Security’s legendary motto “Try Harder”, and how it can help jump start your cyber career.
Samuel Whang, a PWK graduate, details his recommendations and a unique philosophical approach for those looking to pursue their OSCP.
This article originally appeared on Sep 24, 2019, posted by Samuel Whang and has been republished unedited and in its entirety with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.
A vulnerability has been found in Deluge up to 1.3.14 and classified as critical. This vulnerability affects an unknown functionality of the component WebUI. Upgrading to version 1.3.15 eliminates this vulnerability. A possible mitigation has been published 1 day after the disclosure of the vulnerability.
This issue only affects devices with three (3) or more MPC10s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device’s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFEs on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4 and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
A vulnerability, which was classified as problematic, was found in perltidy up to 20160302 (Programming Language Software). This affects an unknown part. Upgrading eliminates this vulnerability. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability.
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
A vulnerability was found in Authconfig 6.2.8. It has been declared as problematic. This vulnerability affects an unknown code block of the component SSSD Authentication. Upgrading eliminates this vulnerability. A possible mitigation has been published 4 months after the disclosure of the vulnerability.
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.
A vulnerability was found in Google Android (Smartphone Operating System) (affected version not known). It has been rated as critical. Affected by this issue is an unknown function of the component Qualcomm Component. Upgrading eliminates this vulnerability.
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.
A vulnerability was found in Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1/Server 2012 (Operating System). It has been declared as problematic. Affected by this vulnerability is some unknown processing in the library win32k.sys. Applying the patch KB4019204 eliminates this problem. The bugfix is ready for download at catalog.update.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.