ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

ONSEC.io Research Team

ONSEC.io Research Team

Securing the Game: The Role of Penetration Testing in the Gaming Industry

Securing the Game: The Role of Penetration Testing in the Gaming Industry

The gaming industry has experienced exponential growth over the past decade, transforming from simple arcade games into complex, interactive, and highly immersive experiences. With the rise of online multiplayer games, virtual economies, and e-sports, the stakes have never been higher. However, with great popularity comes great risk. Cybersecurity threats are

AWS S3 for Pentesters

AWS S3 for Pentesters

Discovering and Exploiting Misconfiguration Introduction This article is intended for pentesters and security professionals who work with Amazon S3 buckets. It covers methods for discovering buckets, checking access permissions, extracting data, and providing recommendations for securing them. Amazon S3 (Simple Storage Service) is a widely used object storage service for

Everything You Always Wanted to Know About Pentest
(But Were Afraid to Ask)

Everything You Always Wanted to Know About Pentest (But Were Afraid to Ask)

What is pentest? A penetration test, generally known as a pentest, is an authorized simulated cyberattack on a computer system performed to evaluate the system's security, as Wikipedia tells us. Simply put, you hire hackers to identify vulnerabilities and weaknesses in your system in controlled conditions that real

From Zero to Hero: Phishing Campaign. Part 3

From Zero to Hero: Phishing Campaign. Part 3

See also: Part 1 Part 2 Chapter 4: Results The phishing campaign presented in this article lasted one day. The attacked employees of the organization are IT specialists from the development and administration departments - 42 people. The target organization participates in training on countering phishing attacks. Events since the

From Zero to Hero: Phishing Campaign. Part 2

From Zero to Hero: Phishing Campaign. Part 2

See also: Part 1 Part 3 Chapter 2: Technical Implementation Architecture The phishing campaign scheme I'm considering is an example of a MitM attack to capture access credentials and sessions of attacked employees, including two-factor authorization (2FA) confirmation via TOTP codes and push notifications. Infrastructure components: * Phishing server.

From Zero to Hero: Phishing Campaign. Part 1

From Zero to Hero: Phishing Campaign. Part 1

Chapter 0: Introduction Warning: This material is provided for informational purposes only. Only repeat these actions in practice with proper authorization and agreement! The author is not responsible for the consequences of applying the information obtained in this article. With this post, I am starting a series of articles on

Exploring Online Gambling in Europe: Understanding Cybersecurity Challenges

Exploring Online Gambling in Europe: Understanding Cybersecurity Challenges

Gambling has deep roots in European history, spanning centuries and weaving into the cultural fabric of the continent. From the grandeur of Monaco's casinos to the quaint charm of UK betting shops, it's been a cherished pastime. In recent times, though, the landscape has shifted dramatically