#securecoding

Thick Client (Desktop) Application Penetration Testing – Part-2

by
Thick Client (Desktop) Application Penetration Testing - Part-2

Privilege Escalation using RegShot DLL Hijacking Sensitive information in Memory (Dumping connection string from Memory) Let’s try to log in with this credential using HediSQL: Remediation: Sensitive information should be encrypted. If encryption is not possible, use obfuscation techniques based on the application’s severity. Passwords In Registry Remediation: Encrypt passwords before storage, or store garbage … Read more

Thick Client (Desktop) Application Penetration Testing – Part-1

by
Thick Client (Desktop) Application Penetration Testing - Part-1

INFORMATION GATHERING Using the tool CFF Explorer Using the SysInternal Suites Let’s start … Using the Tool Wireshark Using the Tool ProcMon (Login Credentials in Registry Entry) TRAFFIC ANALYSIS Traffic Analysis using Wireshark Filter technique 1 Filter technique 2 Using Tool Echo Mirage

Thick Client (Desktop) Application Penetration Testing

by
thick-client-desktop-application-penetration-testing

Introduction Thick client (Desktop) application penetration testing is the process of evaluating the security of a thick client application by simulating attacks to identify vulnerabilities. A thick client application, also known as a fat client, is a software program that runs on a local machine and communicates with a server or a database to perform … Read more

Unsegregated Docker Container Network

by
Unsegregated Docker Container Network

Welcome to the exciting world of Docker! If you’re a fan of containers and their many benefits, you’ll love this post on unsegregated container networks in Docker.But what exactly is an unsegregated docker container network, you ask? Think of it like a bustling city with different neighborhoods, each with its own unique character and charm. … Read more