#informationsecurity

Thick Client (Desktop) Application Penetration Testing – Part-2

by
Thick Client (Desktop) Application Penetration Testing - Part-2

Privilege Escalation using RegShot DLL Hijacking Sensitive information in Memory (Dumping connection string from Memory) Let’s try to log in with this credential using HediSQL: Remediation: Sensitive information should be encrypted. If encryption is not possible, use obfuscation techniques based on the application’s severity. Passwords In Registry Remediation: Encrypt passwords before storage, or store garbage … Read more

Thick Client (Desktop) Application Penetration Testing – Part-1

by
Thick Client (Desktop) Application Penetration Testing - Part-1

INFORMATION GATHERING Using the tool CFF Explorer Using the SysInternal Suites Let’s start … Using the Tool Wireshark Using the Tool ProcMon (Login Credentials in Registry Entry) TRAFFIC ANALYSIS Traffic Analysis using Wireshark Filter technique 1 Filter technique 2 Using Tool Echo Mirage

Most useful Linux network commands

by
most useful Linux Network Commands

Linux Network Commands: In the world of networking, having the right tools at your disposal can mean the difference between a smooth, seamless connection & a frustrating, time-consuming experience. While there are plenty of GUI-based network tools out there, seasoned Linux users know that the command line is often the best place to turn when … Read more

Sensitive Data Leak via Docker Images

by
Sensitive Data Leak via Docker Images

Imagine a scenario where you’ve just launched a shiny new web application and within minutes, your boss rushes into your office in a state of panic, shouting, ‘We’ve got a data leak!’ But wait, you think to yourself, you’ve been meticulous with security and have followed all the best practices. So what could have gone … Read more