OffSec: the Practice & the Company
OffSec (Offensive Security) can refer to two different things: a set of testing practices aimed at finding and exploiting vulnerabilities, and the name of a prominent company specializing in these areas.
1. Offensive Security as a Practice
Offensive security testing practices generally encompass methods such as red teaming, penetration testing, and vulnerability assessment. These practices involve authorized activities that simulate adversarial actions to evaluate security.
While we'll dive into the individual phases later in this article, penetration testing ("pentesting") at its core can be broken down as follows:
A Simulated Attack: A penetration test is an authorized simulated cyberattack on a computer system, performed to evaluate the security of that system.
Purpose: The test's main purpose is to identify weaknesses (vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data. By finding exploitable vulnerabilities, the tester can inform the client and suggest countermeasures to reduce the risk.
Methodology: Testers use the same tools and techniques as an adversary might to attempt to breach some or all of a system's security. This may involve analyzing a target system as a black box (where little information is provided) or a white box (where system details are provided in advance).
Tools and Techniques: The process often utilizes specialized operating system distributions geared toward penetration testing, such as Kali Linux. Attack tools used in the process include Metasploit, Nmap, and Wireshark. The process of a penetration test typically involves reconnaissance, scanning, gaining access (often through payloads), maintaining access, and finally covering tracks before reporting vulnerabilities and recommendations for remediation.
2. Offensive Security as a Company
Offensive Security (often referred to as OffSec) is an American international company that operates in information security, penetration testing, and digital forensics.
The company is known for its major contributions to the offensive security field, including:
Training and Certification: OffSec provides cybersecurity training courses and certifications. The most notable is the Offensive Security Certified Professional (OSCP), an ethical hacking certification that specifically teaches penetration testing methodologies. It is regarded as highly respected and difficult because it requires hands-on, practical penetration testing skills to be demonstrated in a 24-hour exam.
Open Source Projects and Tools: Offensive Security created Kali Linux, a Debian-based Linux distribution designed for penetration testing and digital forensics. Kali Linux contains over 600 security programs and succeeded the previous distribution, BackTrack.
Information Resources: The company manages the Exploit Database (ExploitDB), an archive of vulnerable software and exploits that helps penetration testers by sharing information about known vulnerabilities. They also host the Google Hacking Database, which helps security professionals determine if an application or website has been compromised. Additionally, they developed Metasploit Unleashed, a charity project
Think of offensive security in the cyber landscape as a specialized stress test for a bank's vault. Instead of waiting for a real criminal attack, the bank hires a team of experts (the "offensive security" testers) to act as authorized burglars. They use real tools and techniques (like Kali Linux and Metasploit) to try to break in and steal simulated assets. This simulated attack identifies the specific flaws in the vault's defenses, whether a weak door or a slow alarm system, before a real criminal can exploit them.
The main practices associated with offensive security (OffSec) revolve around authorized simulation of cyberattacks to identify and address weaknesses.
Core Offensive Security Practices
Offensive security testing practices generally include:
Penetration Testing (Pentesting): This is an authorized simulated cyberattack on a computer system performed to evaluate the security of that system. The purpose is to identify weaknesses (vulnerabilities) and determine the potential for unauthorized access to a system's features and data.
Red Teaming.
Vulnerability Assessment.
Penetration tests are a component of a full security audit and can support risk assessments, so let's see what their phases entail.
The 7 Phases of Penetration Testing
A penetration test is a formalized process often broken down into distinct sequential phases:
Reconnaissance: The initial act of gathering important information on the target system that can be used to plan a successful attack, often involving open-source search engines.
Scanning: Using technical tools, such as Nmap, to gain further knowledge of the system, including scanning for open ports.
Gaining access: Exploiting vulnerabilities using the gathered data and a payload (e.g., automated attacks via Metasploit). If an attacker gains access to one machine, the process may repeat as they look for new vulnerabilities to exploit and pivot to other machines.
Maintaining access: Taking steps to ensure persistent presence within the target environment to maximize data gathering.
Covering tracks: Clearing any evidence of compromising the victim system, including log events, to remain anonymous.
Reporting: Documenting the findings, including classifying vulnerabilities via a risk matrix, an executive summary, vulnerability descriptions, and providing recommendations for remediation.
Remediation & Re-testing: After the client addresses the vulnerabilities, a re-test is performed to confirm that the remediation was successful.
Penetration tests can vary based on the level of information provided to the tester: black box (only basic information given), white box (background and system information provided), or gray box (limited knowledge shared).
Supporting Tools and Methodologies
Offensive security practices rely on specific tools and standardized methodologies:
Specialized Operating Systems: Many practitioners use specialized OS distributions geared towards penetration testing, such as Kali Linux (which replaced BackTrack). Kali Linux is known for containing over 600 security programs designed for information security needs and digital forensics.
Software Frameworks and Tools: Tools used in this practice include frameworks such as the Metasploit Project, Nmap, Wireshark, and Burp Suite. In Metasploit terminology, the malicious operation a penetration tester performs on the target after exploitation is referred to as the payload; it can involve functions such as keylogging, stealing credentials, or creating backdoors.
Methodologies: Standard frameworks exist to guide penetration tests, including the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES).