ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

ONSEC.io Research Team

ONSEC.io Research Team

Our First (!!!) Cyber Daily 10/8: American Water Works Under Cyberattack, SatCom Cybersecurity Threats, FINRA Warns of Third-Party Risks, Qualcomm Patches Critical Flaws

Our First (!!!) Cyber Daily 10/8: American Water Works Under Cyberattack, SatCom Cybersecurity Threats, FINRA Warns of Third-Party Risks, Qualcomm Patches Critical Flaws

Welcome to the inaugural ONSEC Cyber Daily for October 8, 2024. As a leading penetration testing company, we're launching this new rubric to deliver the latest cybersecurity news and insights. Staying informed and proactive is essential in today's digital landscape. In this issue, we'll

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 3

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 3

Source engine: CS:S, CS GO, Team Fortress 2 Creation History Source is a 3D game engine developed by Valve. Its official debut appearance was in 2004 with the release of Half-Life: Source, Counter-Strike: Source, and Half-Life 2. Source became the successor to the GoldSrc engine, on which legendary games

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 2

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 2

Introduction In this part of the article, we will thoroughly examine vulnerabilities found in various games of the Counter-Strike series. Over the years, numerous vulnerabilities have been discovered, each affecting the security of players in its own way. Valve, the developer of the Counter-Strike series, actively supports a Bug Bounty

Crack NTLM over LM

Crack NTLM over LM

Let's suppose you have successfully taken control of a domain controller and can dump the password hashes of all domain users. You could run hashcat -m 1000 and wait, but what if you don't want to wait and you need the passwords immediately? For instance, you

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 1

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 1

Buffer Overflow Introduction Since this article will largely focus on the topic of buffer overflow, let's dive into this topic. Buffer Overflow is one of the most well-known and widely exploited vulnerabilities in cybersecurity. This vulnerability allows attackers to overwrite data in a program's memory and

Securing the Game: The Role of Penetration Testing in the Gaming Industry

Securing the Game: The Role of Penetration Testing in the Gaming Industry

The gaming industry has experienced exponential growth over the past decade, transforming from simple arcade games into complex, interactive, and highly immersive experiences. With the rise of online multiplayer games, virtual economies, and e-sports, the stakes have never been higher. However, with great popularity comes great risk. Cybersecurity threats are

AWS S3 for Pentesters

AWS S3 for Pentesters

Discovering and Exploiting Misconfiguration Introduction This article is intended for pentesters and security professionals who work with Amazon S3 buckets. It covers methods for discovering buckets, checking access permissions, extracting data, and providing recommendations for securing them. Amazon S3 (Simple Storage Service) is a widely used object storage service for