Thick Client Penetration Testing
You will learn how to pentest thick client applications at the local and network level. You will also learn how to analyze the internal communication between web services and APIs.
2. cat ~/.profile
# ~/.profile: executed by Bourne-compatible login shells.
if [ “ $IT Security Analyst " ]; then
if [ -f ~/.Application Security Engineer ]; then
. ~/.Web Application PenTester
. ~/.Source Code Reviewer
. ~/.Android Application PenTester
. ~/.Thick Client Application PenTester
fi
fi
mesg n 2> /OWASP/Kolkata_Lead || true.
3. Introduction
• Thick client applications, also called desktop applications, are full-featured computers that are connected to a network. Unlike thin clients, which lack hard drives and other features, thick clients are functional whether they are connected to a network or not. While a thick client is fully functional without a network connection, it is only a “client” when it is connected to a server. The server may provide the thick client with programs and files that are not stored on the local machine’s hard drive.
(Example – Skype, Microsoft Teams, Outlook, Slack, Zoom etc.)
• Thick client applications can be developed using various programming languages such as:
❑ .Net/C#
❑ Java
❑ C/C++
❑ Microsoft Silverlight
4. Why Thick Client Penetration Testing?
Why it is required:
1 Enterprises commonly use thick clients for internal purposes.
2 Organizations mostly focus on web and mobile app penetration testing.
3 Thick client applications have a wide attack surface. In organizations, thick client applications remain unnoticed and vulnerable.
4 There are fewer resources available for thick client penetration testing.
5 A manual approach is the key. There is no automated scanner available that can perform a vulnerability assessment on a thick client application.
5. Common Architecture of Thick Client Application
Two-Tier: The two-tier model is based on a client-server architecture. Direct communication takes place between client and server, with no intermediary between them.
(Example – Music Player, Text Editor)
Three-Tier: The three-tier model is based on a Client - Application Server - Database Server architecture. The application server is the mediator between client and server; it transfers data from client to server and vice versa.
(Example – Zoom, Microsoft Teams, Skype)
6. Thick Client Penetration Testing WorkFlows or MindMap
1 Information Gathering
➢ Application Architecture
• Business Logic
➢ Platform Mapping
• Understanding Application & Infrastructure
➢ Languages and Frameworks
• Common Low-Hanging Fruit and CVEs
➢ Behavior Analysis
• Identify network communication
• Observe the application process
• Observe each functionality
• Identify all the entry points
• Analyze the security mechanism (authorization and authentication)
2 Client Side Attacks
➢ Files Analysis
• Sensitive Information Disclosure
➢ Memory Analysis
• Sensitive Information Storage in Memory
• Memory Manipulation
➢ Binary Analysis
• Static Analysis (De-compilation)
• Dynamic Analysis (Run-Time Reverse Engineering)
➢ GUI Manipulation
• Display hidden form object
• Activate disabled functionalities
• Privilege Escalation (unlocking admin features to normal users)
➢ DLL Hijacking
3 Network Side Attacks
➢ Installation Traffic
• Sensitive Installation Information
➢ Run Time Traffic
• Data Disclosure
• Vulnerable APIs
4 Server Side Attacks
➢ Network Layer Attacks (TCP UDP Attacks)
• Flooding
• Overflows
➢ Layer 7 Attacks
• OWASP TOP 10
7. 10 Common Vulnerabilities in Thick Client Application
1 Sensitive Data in Memory
2 Hardcoded Password
3 Sensitive Data in Registry Keys
4 Denial of Service
5 Sensitive Data in Network Traffic
6 XXE
7 SQL Injection
8 Remote Code Execution
9 DLL Hijacking
10 Privilege Escalation (Unlocking Admin features to Normal users)
8. Setup the Playground for Warm up
Download the dummy native applications from the given repositories and run them on your Windows system to get your hands dirty.
1 DVTA - Damn Vulnerable Thick Client Application developed in C# .NET.
2 DVJA - Damn Vulnerable Thick Client Application developed in JAVA (EE).
3 DVNA - Damn Vulnerable Thick Client Application developed in NodeJS.
9. Explore the tools that you need while Recon
Static tools – Identify arch, languages & framework
• CFF Explorer
• PEiD
• Detect It Easy (DIE)
• Strings
• Sysinternals Suite
• Sigcheck
De-compilers and De-obfuscators
• dnSpy
• ILSpy
• DotPeek
• JD-GUI
• Procyon
• De4dot
• NeonFuscatorDeobfuscator
10. Explore the tools that you need while Client Side Attacks
File analysis – look for sensitive information & files
• Process Monitor
• Regshot
• Process Explorer
• Process Hacker
• dnSpy
• Strings
• Procmon
• Accessenum
Memory Analysis & Fuzzing
• Winhex
• Volatility
• Tsearch
• Userdump
• Spike
• Sulley
• AFL
• WinAFL
• PESecurity
• HxD
Binary Analysis – Look for code logic, hidden function, validation checks, API keys, and comments etc.
• Ghidra
• IDA Pro
• X64dbg
• OllyDbg
• Immunity Debugger
• Radare2
• Frida
• Bytecode Viewer
• PE Explore
• Metasploit
Test for weak GUI Control tools
• WinSpy++
• WinManipulate
• Windows Enabler
• Window Detective
• UISpy
• Snoop WPF
11. Explore the tools that you need while Network Side Attacks
Network sniffers – check communication between client & server
• Wireshark
• TCPView
• Sysinternals
• SmartSniff
• Tcpdump
Proxy tools – Capture traffic between client and local/server & allow us to modify requests/responses
• Echo Mirage
• Burp Suite
• Fiddler
• MITM Relay
• Charles Web Proxy
12. Explore the tools that you need while Server Side Attacks
Miscellaneous Server Side Attack
• Attack Surface Analyzer (ASA)
• Stunnel
• mitm_relay
• Robber
• Dllspy
• Powerup/Sharpup
• HeidiSQL
• Metasploit
• Sqlmap
• Canape
Static Source Code Analysis
• VisualCodeGrepper
• SonarQube
• Agnitio
• FlawFinder
• .NET Security Guard
13. Practical Time
Let me show a Glimpse of Attack on DVTA
Have a cup of coffee and Catch Your Breath
14. Practical Session – I
❑ Check For Application Signing – SigCheck
❑ Internal Structure – CFF Explorer / DIE
❑ Finding UNICODE (or ASCII) Character – Strings
❑ File system Monitoring – Procmon
❑ Inspecting Network – Wireshark and TCPView
❑ Insecure data storage – Regshot
❑ Finding more Strings – Process Hacker
❑ SQL Injection – Boolean based Blind
❑ DLL hijacking – Impulsive DLL Hijack tool
❑ Source Code Review – VisualCodeGrepper
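
The "Finding UNICODE (or ASCII) Character – Strings" step, paired with the "Hardcoded Password" entry on slide 7, is shown below as an added example that is not part of the original deck. It scans a binary for both ASCII and UTF-16LE runs, since .NET string literals are stored as UTF-16LE and an ASCII-only pass misses them. The sample bytes, host name, credential values and heuristic patterns are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional

MIN_LEN = 6  # shortest printable run worth reporting (assumed threshold)

# A printable ASCII run, and the same run stored as UTF-16LE (each character
# followed by 0x00), which is how .NET string literals sit inside an assembly.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Heuristic secret patterns (assumptions, tune them per application).
# Order matters: the first matching label wins.
SECRET_PATTERNS = {
    "connection-string": re.compile(
        r"(?i)\b(?:data source|server)\s*=.*\b(?:password|pwd)\s*=\s*[^;]+"),
    "password-assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "api-key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\s*[=:]\s*\S{8,}"),
}


class Finding(NamedTuple):
    offset: int    # byte offset of the run inside the file
    encoding: str  # "ascii" or "utf-16le"
    label: str     # which heuristic matched
    text: str      # the decoded string


def extract_strings(data: bytes):
    """Return (offset, encoding, text) for every printable run, by offset."""
    runs = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in ASCII_RUN.finditer(data)]
    runs += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in UTF16_RUN.finditer(data)]
    return sorted(runs)


def classify(text: str) -> Optional[str]:
    """Return the label of the first secret heuristic that matches, or None."""
    for label, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            return label
    return None


def find_secrets(data: bytes):
    """Extract strings in both encodings and keep those that look like secrets."""
    findings = []
    for offset, encoding, text in extract_strings(data):
        label = classify(text)
        if label is not None:
            findings.append(Finding(offset, encoding, label, text))
    return findings


# Constructed sample: a few bytes shaped like a PE stub, one UTF-16LE
# connection string, one ASCII key and one harmless namespace string.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 5
    + ("Data Source=db01.example.internal;User ID=app;"
       "Password=S3cr3t!Example;").encode("utf-16-le")
    + b"\x00\x00\x01\x02"
    + b"api_key=CONSTRUCTED-KEY-0001\x00"
    + b"\xff\xfe\x10" + b"System.Windows.Forms\x00"
)

if __name__ == "__main__":
    for f in find_secrets(SAMPLE):
        print(f"0x{f.offset:04x} {f.encoding:9} {f.label:18} {f.text}")
```

To review a real build, read the file with `open(path, "rb").read()` and pass the bytes to `find_secrets`.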