在這個 AI 能快速回答問題、產生程式碼,甚至分析漏洞的時代,我常常在思考一個問題:學習資安過程中的卡關、反覆嘗試和失敗意味著什麼? 一直以來我都是個很喜歡學習各種有趣東西的人(即使不見得對我現在有用),我的其中一個學習哲學就是:「學習本身就是目的」。我至今仍然無法忘懷當年為了一個簡單的漏洞,苦思冥想奮戰數天,也曾為了弄復現漏洞,投入很長的時間反覆測試和驗證(我相信這是很多資安人曾經或現在的寫照)。 還記得第一次正式接觸資訊安全,是在我大學時期偶然參加的一次 Wargame,以現在的角度來看,簡單到令人驚訝,我還記得第一關,就是對著網頁 F12(或右鍵查看原始碼),Flag 就在當中。不過對於當初非本科系出身的我,彷彿打開了新世界的大門,上一次接觸到類似的東西大概是國小時期的 VB6。 在那場 Wargame 之後,我開始積極的尋找各種平台練習,不出意外,遇到比想像中更多的難關,當時我不會寫程式、對資訊系統的理解幾乎是從零開始,因此我開始回頭從最基礎的Python / TCP / Linux 指令開始,在那個沒有 LLM 的年代只能依賴實體的書籍、各種線上資源與社群。 在 2018 的某天意外看到 Billy 的一篇關於 OSCP 的文章,開啟了我對這張證照的興趣,接著又在 PTT 上看到有人發文說「想創個 Kali 的社群」,我就私訊了那位發文者 T0ny,他把我邀進去群組後,發現群組成員:只有我、那位發文者 T0ny。 身為一個當時對於資安技術充滿好奇的人,我開始加入很多資安群組,也在 PTT 上發文,宣傳我們的小群組,希望能找到願意一起學習和交流的人(現在想想還真是有點厚臉皮)。 這裡還有個小故事,由於當年我實在厭煩於有些人會跑到資安群組問「能不能幫我入侵 XXX」,我設計了一個表單,裡面都是一些簡單的資安問題,目的是希望避免一樣的情況發生,效果意外的不錯。 總之我徹底踏入滲透測試這個領域,也很幸運地結識了 Billy、Dexter 和其他當年一起奮戰打…
Category: OffSec
Beat AI or Let AI Beat You
AI feels like an enemy. From a certain angle, it is. But mostly it’s just scary, the same way the internet was scary back in the day, and the same way personal computers were scary before that. It helps to…
Matcha, Sueño y Ejercicio: La Guía Off-Topic del Hacker Saludable
Presentación Aquí está el primer post del blog del equipo del Capítulo Español. Esta vez queremos empezar con algo un poco off-topic para dar inicio al blog de la comunidad OffSec. En este 1º Post quiero empezar un poco hablando…
The Gap Between Cybersecurity Training Investment and Actual Team Performance
If your team can pass certifications but you’re not sure how they’d perform during a real incident, see how Live Training closes that gap The post The Gap Between Cybersecurity Training Investment and Actual Team Performance appeared first on OffSec.…
OffSec Launches Instructor-Led Live Training for Enterprise Security Teams
OffSec is excited to announce the launch of Live Training. Booking for instructor-led, in-person training now open. The post OffSec Launches Instructor-Led Live Training for Enterprise Security Teams appeared first on OffSec. This article has been indexed from OffSec Read…
Do Cybersecurity Certifications Still Matter?
Are cybersecurity certifications still worth it? Discover how hands-on certifications prove real skills, boost employability, and help you get hired. The post Do Cybersecurity Certifications Still Matter? appeared first on OffSec. This article has been indexed from OffSec Read the…
Shadow AI: How Unsanctioned Tools Create Invisible Risk
Over 80% of workers use unapproved AI tools. Learn how shadow AI creates hidden attack surface and what security teams can do to detect and address it. The post Shadow AI: How Unsanctioned Tools Create Invisible Risk appeared first on…
OffSec and Deloitte Portugal Announces Strategic Partnership
Announcing a strategic partnership with Deloitte Portugal to help organizations strengthen the technical capabilities of their security teams. The post OffSec and Deloitte Portugal Announces Strategic Partnership appeared first on OffSec. This article has been indexed from OffSec Read the…
8 Ways to Stay Motivated During Exam Prep
Preparing for an OffSec certification exam is a technical and psychological journey. Here are some expert strategies to help during your OffSec exam prep! The post 8 Ways to Stay Motivated During Exam Prep appeared first on OffSec. This article…
OSCP to OSAI+: How Offensive Security Practitioners Can Pivot Into AI Security
OSCP holders already have the adversarial mindset AI red teaming demands. Learn what transfers, what’s new, and how to close the gap from OSCP to OSAI+ efficiently. The post OSCP to OSAI+: How Offensive Security Practitioners Can Pivot Into AI…
The AI Security Skills Gap: What It Is, Where It Exists, and How to Close It
The AI security skills gap threatens enterprise AI investments. Learn where skills gaps exist across security teams and how hands-on training closes them. The post The AI Security Skills Gap: What It Is, Where It Exists, and How to Close…
Careers in Offensive AI Security: Roles, Skills, and Pathways
At OffSec, we are building OSAI, our offensive AI security certification, to help practitioners extend adversary-driven methodology into AI-enabled environments already entering production. That initiative reflects a broader shift happening across the industry. As AI-enabled features move into production systems,…
Building an AI-Ready Cybersecurity Team
A practical framework for security leaders to build AI-ready teams. Learn to assess capabilities, prioritize training, and balance AI with foundational skills. The post Building an AI-Ready Cybersecurity Team appeared first on OffSec. This article has been indexed from OffSec…
Defending Against AI-Powered Cyber Attacks: Why Your Blue Team Needs New Skills
AI-powered cyber attacks are outpacing traditional defenses. Learn the four key threat categories and the new skills blue teams need to defend against them. The post Defending Against AI-Powered Cyber Attacks: Why Your Blue Team Needs New Skills appeared first…
CVE-2026-24061 – GNU InetUtils telnetd Authentication Bypass Vulnerability
CVE-2026-24061 enables unauthenticated attackers to exploit GNU telnetd and gain immediate root shells over the network. The post CVE-2026-24061 – GNU InetUtils telnetd Authentication Bypass Vulnerability appeared first on OffSec. This article has been indexed from OffSec Read the original…
Thinking Like an Attacker: How Attackers Target AI Systems
In September 2025, security researchers at Anthropic uncovered something unprecedented: an AI-orchestrated espionage campaign where attackers used Claude to perform 80–90% of a sophisticated hacking operation. The AI handled everything from reconnaissance to payload development, demonstrating that artificial intelligence has…
How OffSec Maps Cybersecurity Training to Industry Frameworks
How MITRE ATT&CK, D3FEND, and NICE/NIST frameworks help connect hands-on cybersecurity training to real-world work. The post How OffSec Maps Cybersecurity Training to Industry Frameworks appeared first on OffSec. This article has been indexed from OffSec Read the original article:…
Offensive Security in the Age of AI: Red Teaming LLM
LLMs change how red teams test applications. Explore OffSec’s LLM Red Teaming Learning Path and build practical AI testing skills. The post Offensive Security in the Age of AI: Red Teaming LLM appeared first on OffSec. This article has been…
Closing Out 2025 with Gratitude (and Momentum)
To the OffSec community, As 2025 comes to a close, we want to pause and say thank you. Whether you trained with us, earned a certification, hired through our platform, or cheered others on from the sidelines, you helped make…
Blue Team vs Red Team: Should Defenders Learn Offensive Skills?
Discover why blue team defenders benefit from red team skills. Learn how offensive knowledge improves detection, incident response, and career growth. The post Blue Team vs Red Team: Should Defenders Learn Offensive Skills? appeared first on OffSec. This article has…