where is offensive security actually being taught? i know for a fact it is not at any university because universities only teach technology that is over 20 years old. they dont give a fuck to learn something new. so, if i wanted to learn that, where do i go?

At decent universities they don't learn you 20 year old technology. No idea where you got that from.

IT is one of the many sectors that is changing all the time and universities have to adept their lectures to it on almost a yearly basis.

At my university they also organized hackatons like 3-4 times a year. Security was also one of the many masters to choose from.

Somewhere near my university there was also a college where you could get a bachelor in IT security specific. It were good lectures from what I've heard of it.

@8BitOverdose in my university we learn .jsp :) not to mention what else we learn. there isnt even an offer of cyber security. the closest form would be system administrator that they offer which im not interested in at all

"Cyber security" is pretty broad, what are you trying to do? Do you just want to make sure the code you develop doesn't have security holes, or are you trying to actually get into infosec?

@HollowKitty is it possible to do rev engineering with offensive security? or at least understand how it works or how to bypass something without knowing rev engineering?

@interstellar don't think I understand how you're using these terms. If you're doing offensive security, you're still the person defending against the attack, you're just doing it more proactively/aggressively (the best defense is a good offense). In that case why would you need to reverse engineer anything?

@HollowKitty i want to be in the side of the attacker, not defender. i do understand i should know both sides but my primary focus is attacker. i want to learn how to commit web attacks mainly

@HollowKitty @interstellar Offensive security is being the attacker and attacking to find out if the security of a system or piece of software is good.

I've done quite some myself, what would you like to know?

@interstellar OK, then I think the answer is yes. One interesting thing you can do is to learn JS and your browser's developer tools, and go look for sites that do a lot of processing/logic in the client-side JS before passing the result back to the server. A site that has a lot of application logic on the front end is a site you can exploit, if the data isn't being rechecked on the backend (which a lot of lazy/dumb/rushed developers don't think to do). If you read the source and also use breakpoints to step through the source as it runs, you can find a lot of interesting information that the developers didn't intend for you to see, and you can edit the outgoing API requests before they're sent to see what the server does with the tampered data. With enough playing around you can reverse-engineer parts of their API and find some interesting things to do with what you learned.

EDIT: standard disclaimer not to do this without permission etc.

Right here.

https://www.offensive-security.com