XPLT & Dragon Drop: Your Shortcut to New OffSec Content

Stay ahead, without losing track.

DragonDrop is your monthly mini-training on new content from the OffSec Learning Library, from OSCP through OSEP to OSWE and more. You don't have to sift through everything yourself. We filter out the best, show you what's new, and train it with you right away.


At a glance:

  • Every week, new content is added to over 7,800+ hours of text, 5,400+ labs & 1,600+ videos. Who is supposed to keep track of all that?

  • Most OffSec participants reach their certification faster when they regularly engage with current content.

Your benefits:

  • Always up to date: We show you what is relevant, including content beyond what is relevant for the exams (e.g. cloud pentesting, ABAC, IMDSv2).

  • Hands-on instead of theory: A short, interactive mini-webinar with direct application. No passive watching, but active learning.

Dates:

  • Tuesday, 30.09, Topic TBA, 9:00-13:00, Live Online, registration not yet open

Past dates:

  • Friday, 29.08. PEN-200 / OSCP Extra Mile: Offensive Cloud Lab 03.

The IT department of St Hubbins Hospital has hired us to conduct a security assessment of their website and cloud infrastructure. They are particularly interested in testing to make sure there is no unauthorized access to Protected Health Information (PHI). As part of the assessment, they will provide access to a DNS server with their public domains and a test account to access the hospital app.

Frequently Asked Questions

What do I need to participate?

You need an active OffSec subscription so that you have access to the content in the Learning Library.

Who may participate?

Priority is given to customers who purchased their license through us.
Occasionally we open individual sessions to everyone; sign up for the newsletter to stay informed.

Note: A valid OffSec license is required in any case.

How often does the Dragon Drop mini-training take place?

As a rule, there is a new session at least once a month, sometimes more often when exciting content is released.

Which courses do the mini-trainings apply to?

That depends on the respective Dragon Drop.
The sessions cover content from specific courses (e.g. OSCP, OSEP, OSWE) or cross-cutting topics such as cloud pentesting or cyber ranges.

Dragon Drops

New Content at a Glance

August 2025

Lab

GALLERY

https://portal.offsec.com/machine/gallery-213679/overview?utm_campaign=17198008-Dragon%20Drop&utm_content=344022688&utm_medium=social&utm_source=linkedin&hss_channel=lcp-5384047

This lab blends web and system exploitation techniques. Learners start by discovering credentials via SNMP enumeration and pivot into SQL injection within a partner portal to extract admin credentials. With admin access, they bypass file upload restrictions to execute code via a webshell. Final privilege escalation is achieved through creative wildcard abuse in a root-executed cron backup script, leading to full root access.

Lab

converter

https://portal.offsec.com/machine/converter-213681/overview?utm_campaign=17198008-Dragon%20Drop&utm_content=344022688&utm_medium=social&utm_source=linkedin&hss_channel=lcp-5384047

This lab takes learners through a multi-stage exploitation chain beginning with an XXE injection in an XSLT transformation service, revealing sensitive internal paths and credentials. The challenge escalates through exploitation of a misconfigured ekuiper instance vulnerable to arbitrary file writes. Using JWT forgery and sudoers manipulation, participants achieve full root access by writing privileged files through authenticated API abuse.

Lab

AgeGate

https://portal.offsec.com/machine/agegate-213683/overview?utm_campaign=17198008-Dragon%20Drop&utm_content=344022688&utm_medium=social&utm_source=linkedin&hss_channel=lcp-5384047

This lab centers on exploiting a vulnerable WordPress plugin—Age Gate version 3.5.3—via an unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2023-3132). Learners discover a non-standard port hosting WordPress, identify the plugin flaw, and exploit it to access sensitive files. Enumeration of SNMP reveals backup credentials, which are used to gain SSH access. Privilege escalation is achieved through a misconfigured SUID binary vulnerable to command injection.

CVE-2024-55415

https://portal.offsec.com/machine/cve-2024-55415-211372/overview?utm_campaign=17198008-Dragon%20Drop&utm_content=344022688&utm_medium=social&utm_source=linkedin&hss_channel=lcp-5384047

A vulnerable Laravel application running Voyager v1.7.0 is exposed to an authenticated arbitrary file read vulnerability (CVE-2024-55425). Attackers who access the admin panel with default credentials can manipulate download queries to retrieve sensitive files such as private SSH keys. Successful exploitation leads to full root access via SSH login, highlighting the dangers of misconfigured access controls.

Learning Module

Azure Object Storage

https://portal.offsec.com/learning-modules/azure-object-storage-213700/overview?utm_campaign=17198008-Dragon%20Drop&utm_content=344022688&utm_medium=social&utm_source=linkedin&hss_channel=lcp-5384047

The Azure Object Storage module covers secure management of Microsoft Azure's blob storage, including authentication, private endpoints, and data protection techniques like snapshots and soft-delete. It explores configuration best practices and addresses common security pitfalls to ensure data integrity and minimize exposure risks within Azure environments.

CVE-2025-30208_Attack

https://portal.offsec.com/machine/cve-2025-30208_attack-213427/overview

This lab exploits CVE-2025-30208 in Vite v6.2.1, where the @fs handler fails to properly restrict access to files outside the allowed directories. By appending query parameters like ?raw, attackers can bypass security controls to read sensitive files such as root’s SSH key, enabling full remote access.

Defend CVE-2025-30208

https://portal.offsec.com/machine/defend-cve-2024-55963-213440/overview

CVE-2025-30208 is a vulnerability in Vite v6.2.1 that allows an unauthenticated attacker to read arbitrary files via the @fs handler. In this lab, you will secure a vulnerable instance of Vite in order to obtain the flag.

CVE-2024-55963_Attack

https://portal.offsec.com/machine/cve-2024-55963_attack-213429/overview

This lab exploits CVE-2024-55963 in Appsmith versions before 1.52, where misconfigured PostgreSQL permissions allow execution of system commands using the COPY FROM PROGRAM SQL feature. By crafting a malicious plugin datasource and querying output via table rows, attackers achieve unauthenticated remote code execution directly from the web interface.

Lab

CVE-2024-39914_Attack

https://portal.offsec.com/machine/cve-2024-39914_attack-213431/overview

This lab targets CVE-2024-39914 in Fogproject v1.5.10, where an unauthenticated attacker can exploit unsanitized parameters in the PDF export functionality to execute arbitrary commands. A malicious payload spawns a PHP webshell, enabling remote command execution and access to sensitive files directly from the web root.

Defend CVE-2024-39914

https://portal.offsec.com/machine/defend-cve-2024-39914-213441/overview

CVE-2024-39914 is a vulnerability in the FOG Project, an open-source cloning, imaging, and inventory management system. The vulnerability affects versions prior to 1.5.10.34 and allows an attacker to execute arbitrary system commands by exploiting improper input handling in the filename parameter sent to /fog/management/export.php. Specifically, the file packages/web/lib/fog/reportmaker.class.php fails to sanitize user-supplied input, resulting in a command injection vulnerability. In this lab, you will secure a vulnerable instance of the FOG Project in order to obtain the flag.

CVE-2025-27636

https://portal.offsec.com/machine/cve-2025-27636-213425/overview

Target a web application powered by Apache Camel v4.10 vulnerable to CVE-2025-27636—a header filter bypass flaw. Manipulate HTTP headers to inject commands into a misconfigured endpoint that executes system commands as root. Chain the vulnerability with remote file retrieval and achieve a reverse shell without requiring privilege escalation steps.

28.7.2025

New modules:
→ PEN-200 | Extra Mile: Offensive Cloud Lab 03: https://lnkd.in/e_EdSH_j
→ EXP-301 | VMware Workstation Guest-To-Host Escape: https://lnkd.in/eNdA_Js5

New CVE labs:
→ CVE-2025-24801: https://lnkd.in/eNfJXGfq
→ CVE-2025-27136_Attack: https://lnkd.in/emdzm_8e
→ Defend CVE-2025-27136: https://lnkd.in/e5YCCnWm
→ CVE-2025-45753_Attack: https://lnkd.in/ecjcZ2q3
→ Defend CVE-2025-45753: https://lnkd.in/e7YAGHWh
→ Sea CVE-2025-25520: https://lnkd.in/eiSNSC-f

Further labs:
→ FTK Digital Forensics Lab: https://lnkd.in/ewppGeCS

July 2025

New CVE labs:
→ CVE-2025-27636_Attack: https://lnkd.in/exPHWinw
→ Defend CVE-2025-27636: https://lnkd.in/edV-hqbR
→ CraftStorm_Attack: https://lnkd.in/eAYZQ9fw
→ Defend CraftStorm: https://lnkd.in/eY-z8AVA

Further labs:
→ Infilo: https://lnkd.in/e7ZS73DG

New modules:
→ Cyber Governance Fundamentals: https://lnkd.in/eWhBgKRH

What our participants say about our workshops:

It was great, I will recommend the training to our colleagues! The food could have been better ;)

Daniel G.

Computer Science Student

The training helped a lot in understanding the content and preparing for the exam. Practically a speed run!

Thomas L.

Pentester

The option of spreading the training over several weeks, at 2x per week of 4h each, helped us a lot to integrate the training into our everyday work.

Bhodan D.

Officer Cybersecurity

Sounds good?

Here you will find the link to the current session.

Sign up for the newsletter here to receive ongoing updates.

You can find further offers for our trainings and OffSec licenses on the website.

Good luck!