RECONNAISSANCE

🔦 Reconnaissance is the process of gathering information about the application and the host/client on which it runs, in order to understand its functional and non-functional requirements.

Recon can be done at different levels of the computing environment for a thick client:

  • Application level

  • Host level

  • Storage level

  • Network level

Some of the information we can gather during this process:

  • Application structure, design, functionality and the way it's built (technology stack)

  • Files and folders accessed by the application

  • Application network traffic, to understand its communication with the server

  • Sensitive data stored in the application package, found by scanning it, as the application might have some information disclosure

  • Information about the host, which is also important because we can check whether a host vulnerability can be exploited to exploit the application

💠 Application Level

  1. Improper error handling

  2. SQL Injection

  3. Parameter Tampering

  4. File Upload

  5. Insecure storage

  6. Broken authentication & Session management

  7. Business Logic

  8. Denial of service

  9. Buffer overflow

  10. Digital signature verification (SignTool)

💠 Host Level

  1. Cracking Windows system passwords

  2. Windows system privilege escalation

  3. DLL Injection

💠 Storage Level

  1. Logs

  2. Cache files

  3. Configuration files

💠 Network Level

  1. Intercept network calls (HTTP, TCP or socket communication)
