ONSEC.io Research Team

The gaming industry has experienced exponential growth over the past decade, transforming from simple arcade games into complex, interactive, and highly immersive experiences. With the rise of online multiplayer games, virtual economies, and e-sports, the stakes have never been higher. However, with great popularity comes great risk. Cybersecurity threats are

Discovering and Exploiting Misconfiguration Introduction This article is intended for pentesters and security professionals who work with Amazon S3 buckets. It covers methods for discovering buckets, checking access permissions, extracting data, and providing recommendations for securing them. Amazon S3 (Simple Storage Service) is a widely used object storage service for

What is pentest? A penetration test, generally known as a pentest, is an authorized simulated cyberattack on a computer system performed to evaluate the system's security, as Wikipedia tells us. Simply put, you hire hackers to identify vulnerabilities and weaknesses in your system in controlled conditions that real

See also: Part 1 Part 2 Chapter 4: Results The phishing campaign presented in this article lasted one day. The attacked employees of the organization are IT specialists from the development and administration departments - 42 people. The target organization participates in training on countering phishing attacks. Events since the

See also: Part 1 Part 3 Chapter 2: Technical Implementation Architecture The phishing campaign scheme I'm considering is an example of a MitM attack to capture access credentials and sessions of attacked employees, including two-factor authorization (2FA) confirmation via TOTP codes and push notifications. Infrastructure components: * Phishing server.