Prompt injection is an attack where an adversary hides instructions inside inputs (text, files, images, web pages, metadata, etc.) that a model treats as commands and the model follows them. The fundamental problem is simple-looking but deep: Large Language Models (LLMs) treat natural language both as data and as instructions, and attackers exploit that ambiguity. … Read more
Privilege Escalation using RegShot DLL Hijacking Sensitive information in Memory (Dumping connection string from Memory) Let’s try to log in with this credential using HediSQL: Remediation: Sensitive information should be encrypted. If encryption is not possible, use obfuscation techniques based on the application’s severity. Passwords In Registry Remediation: Encrypt passwords before storage, or store garbage … Read more
INFORMATION GATHERING Using the tool CFF Explorer Using the SysInternal Suites Let’s start … Using the Tool Wireshark Using the Tool ProcMon (Login Credentials in Registry Entry) TRAFFIC ANALYSIS Traffic Analysis using Wireshark Filter technique 1 Filter technique 2 Using Tool Echo Mirage
Introduction Thick client (Desktop) application penetration testing is the process of evaluating the security of a thick client application by simulating attacks to identify vulnerabilities. A thick client application, also known as a fat client, is a software program that runs on a local machine and communicates with a server or a database to perform … Read more