RECONNAISSANCE

🔦 Reconnaissance is process in which we gather information about the application, and also the host/client on which the application is running. To understand its functional and non functional requirements.

Recon can be done at different levels of the computing environment for a thick client :

• Application level

• Host level

• Storage level

• Network level

Some of the information we can get during this process are:

• Application structure, design, functionality and the way its built (Technology stack)

• File and folder access done by the application

• Application Network traffic to understand its communication with the server

• Scanning for sensitive data stored in the application package, as application might have some information disclosure.

• Information gathering regarding host is also important as we can check if we can exploit host vulnerability to exploit an application

💠 Application Level

1. Improper error handling

2. SQL Injection

3. Parameter Tampering

4. File Upload

5. Insecure storage

6. Broken authentication & Session management

7. Business Logic

8. Denial of service

9. Buffer overflow

10. Digital signature verification (SignTool)

💠Host Level

1. Cracking windows system Password

2. Windows system Privilege Escalation

3. DLL Injection

💠Storage Level

1. Logs

2. Cache files

3. Configuration files

💠Network Level

1. Intercept network calls (HTTP, TCP or Sockets communication )