ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

ONSEC.io Research Team

ONSEC.io Research Team

From Zero to Hero: Phishing Campaign. Part 2

From Zero to Hero: Phishing Campaign. Part 2

See also: Part 1 Part 3 Chapter 2: Technical Implementation Architecture The phishing campaign scheme I'm considering is an example of a MitM attack to capture access credentials and sessions of attacked employees, including two-factor authorization (2FA) confirmation via TOTP codes and push notifications. Infrastructure components: * Phishing server.

From Zero to Hero: Phishing Campaign. Part 1

From Zero to Hero: Phishing Campaign. Part 1

Chapter 0: Introduction Warning: This material is provided for informational purposes only. Only repeat these actions in practice with proper authorization and agreement! The author is not responsible for the consequences of applying the information obtained in this article. With this post, I am starting a series of articles on

Exploring Online Gambling in Europe: Understanding Cybersecurity Challenges

Exploring Online Gambling in Europe: Understanding Cybersecurity Challenges

Gambling has deep roots in European history, spanning centuries and weaving into the cultural fabric of the continent. From the grandeur of Monaco's casinos to the quaint charm of UK betting shops, it's been a cherished pastime. In recent times, though, the landscape has shifted dramatically

Lab for pentesting iOS applications. Part 2

Lab for pentesting iOS applications. Part 2

In this part of the guide, we'll walk through setting up the environment and interacting with iOS applications. Target application: DVIA-v2 Preparation At this point, your iPhone should already be jailbroken, and Frida should be installed. You can easily verify this by connecting your phone to your MacBook

Lab for pentesting iOS applications. Part 1

Lab for pentesting iOS applications. Part 1

Introduction Goal: prepare a lab for pentesting iOS applications and MiTM traffic using Frida and BurpSuite. This step-by-step guide consists of two parts. The first part is dedicated to preparing the equipment (installing the required software and jailbreaking multiple versions of iOS), while the second part covers some basic features

Why is security important for MedTech?

Why is security important for MedTech?

Healthcare is one of the most critical and sensitive areas of human activity. Over the years, it has undergone changes and innovations to improve the quality of care and provide better services to patients. Modern technology has brought to this field the convenience of customer management, patient monitoring, and the

TCP Tarpit and Port Scanning. Barricades on Both Sides.

TCP Tarpit and Port Scanning. Barricades on Both Sides.

Introduction Thousands of articles have been written about port scanning, discussing techniques, methodologies, tools... Yet, even in such a seemingly straightforward topic, there are several less-covered nuances. If you regularly scan subnets, participate in bug bounties, perform penetration testing, or automate this process, then this article might be useful to