Our Blog

We’ll take you behind the scenes with a pen-tester’s take on IT Security. Helping you understand what's worth worrying about and the basics of how to deal with it.

CVE hunting in an open-source application

10 Jun 2020

In this post Gus walks through his methodology for white-box testing an open-source application. He gives three separate examples of CVEs found in the application, explaining the methodology used and the exploitation technique for each...

6 Ways To Spot A Phishing Email

21 May 2020

Phishing emails are very common. They are spam emails that land in your inbox or junk folder that imitate a real-life, well-known company (or even someone you may know) and ask you to provide them with sensitive information....

Pentesting PostgreSQL with SQL Injections

12 May 2020

In this post Gus takes a deeper look at how someone can easily test and exploit parameters that may be vulnerable to SQL injection in web applications backed by the PostgreSQL DBMS...

Buffer Overflow - Easy Chat Server 3.1

05 May 2020

I'm going to cover how to exploit the Easy Chat Server 3.1 stack buffer overflow vulnerability on a Windows 7 32-bit virtual machine. This is perfect practice for anyone who is in the process of, or prepping for, the PWK labs/OSCP exam!...

Server Side Template Injection with Jinja2

29 Apr 2020

In this post, Gus looks into building Jinja2 SSTI payloads from zero, while also playing with bypass methods and different exploitation techniques...

How I Made Rapid7's Project Sonar Searchable

21 Apr 2020

This blog outlines my recent efforts to make Rapid7's Project Sonar a practical source of DNS data when performing security assessments or bug hunting....

Would you like Bob or Alice for your next penetration test?

10 Mar 2020

Would you like Bob (he truly understands your business) or Alice (a fresh pair of eyes) on your next pen-test engagement? It's your call...

Careless with cURL? Don't be

14 Feb 2020

The potential use of this is quite a scary thought and would likely catch out a large number of security conscious individuals...

Dave Hewson on 2019: OnSecurity's year in review

31 Jan 2020

OnSecurity CEO Dave Hewson reflects on another big year for OnSecurity and speculates about 2020...

(Ab)using Kerberos from Linux

28 Jan 2020

This post aims to provide an overview of tooling available to perform common Kerberos abuse techniques from Linux...

Meet the team: Conor O'Neill - Head of Product

13 Nov 2019

Meet Conor. Conor holds ZERO Guinness World Records...

A new approach to pentest estimates

17 Oct 2019

Now you can get a quote for a pentest online, without any need for a sales call...

The Future of Penetration Test Reporting

30 Aug 2019

The traditional pentest report is dead; here's what's coming next...

New Feature: Slack Integration

25 Aug 2019

Now you can speak to your pentesters as the test progresses...

Persistent Access to Burp Suite Sessions - Step-by-Step Guide

22 Aug 2019

Ever wished you could practically use Burp Suite Collaborator in a persistent manner? Now you can...

BlueKeep - The Worms are on the horizon

06 Aug 2019

A Penetration Tester explores a worrying aspect of BlueKeep that many Security Teams have overlooked...

What is Social Engineering? Definition, Examples, Tips

06 Aug 2019

A Penetration Testing Pro shows how social engineering works in the real world: hackers' techniques, real-life examples and practical tips on staying safe...

Meet the team: Nicola Pastres - Trainee PenTester

05 Aug 2019

Meet the team: Nicola Pastres - Trainee PenTester...

What is Email Phishing? Definition and Real-life examples

01 Aug 2019

An Ethical Hacking Veteran explains how email phishing works, illustrating the common tactics with real-world examples and sharing practical tips for businesses and individuals...

What is Spear Phishing? Definition, Examples, Advice

22 Jul 2019

An Infosec Expert explains how spear phishing works, with real-world examples and practical advice on how executives and the C-suite can reduce the risks...

Meet the team: Andy Bryan

18 Jul 2019

As a 12 year old I was scouted by Man City. But for some reason I turned it down...

Meet the team: Dan Roach - Software Developer

21 May 2019

Meet Dan. Favourite Hobby? Winding up Marketing by giving unconventional answers in interviews...

What is a Penetration test?

01 Apr 2019

A penetration test (aka pen-test) is an authorised simulated cyber-attack on a computer system, performed to evaluate the security of the system...

Meet the team: Calum Miller

15 Feb 2019

This week we’re catching up with Calum Miller, OnSecurity’s Head of Sales & Strategic Partnerships...

Our CEO's 2018 - OnSecurity's year in review

10 Jan 2019

Dave our CEO reflects on a big year for OnSecurity and looks ahead at what's to come in 2019...

Meet the team: Calum Boal

27 Nov 2018

In the first of a series of interviews with the OnSecurity team, today we're chatting with Calum Boal, our latest Security Consultant...

Solving our problem with Audit, Postgres & Elasticsearch

13 Nov 2018

The pain of living with huge amounts of database audit data, and how we dealt with the problem using Elasticsearch, a custom-written Node tool and PostgreSQL triggers...

We're hiring Pen-testers!

06 Nov 2018

We’re looking for talented pen-testers to join a pen-test company with a difference...

Back to Basics: 7 tips to secure your startup

09 Aug 2018

I love security. And I love startups. Which is why I co-founded a security start-up. Unless you’re running a security startup too, you’ve probably not thought too much about security yet, even though you know you should...

Back to Basics: 7 Steps to make yourself more secure

12 Apr 2018

Whenever I tell someone I’m a penetration tester the reaction is always the same. First laughter at my ‘hilarious’ job title, followed by one of three questions: “Can you hack into my friend’s Facebook account?” “Can you get me free money from the bank?”...

New Feature: Instant Booking

15 Mar 2018

At OnSecurity we’re always figuring out new ways to make pen-testing more intuitive. Working closely with some of our clients, we’ve streamlined the booking process so you can book a pen-test in just 5 minutes...

How to take the pain out of pen-testing

27 Feb 2018

Pen-testing as an industry has only been around for about twenty years. It’s evolving fast and the relentless innovation can make it hard to keep up - nothing stands still for long. Yet one aspect of the business hasn’t changed a single bit in twenty years - an archaic process that's proved...

Welcome to our blog

21 Feb 2018

This is where we’ll share a pen-tester’s take on IT Security. We’ll take you behind the scenes a little, to understand...