TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Black Hills InfoSec

Intro to Desktop Application Testing Methodology

BHIS · 2024-11-11 · Read original ↗

ATT&CK techniques detected

16 predictions
T1574.001DLL
98%
“you can run strings on that and you can find a lot of interesting stuff. because this thing will have data in memory that is potentially sensitive. would have like api keys, creds, private, cryptographic keys that you might be able to then leverage against other stuff that hopefu…”
T1055.001Dynamic-link Library Injection
97%
“through this methodology. this is not anything they would care about. so it ’ s not like a irresponsible disclosure when i ’ m doing this like this. so please don ’ t get angry. canva, you can check application signing with sysinternal suite has got a tool called sigcheck. basica…”
T1040Network Sniffing
93%
“concept exploit, you kind of need to know that, i don ’ t typically get that far during a pen test if it ’ s only like a week. but that would be the next step, someone said. jason blanchard is tcp view like wireshark? craig vincent no, not in that it captures packets and stuff. i…”
T1055.001Dynamic-link Library Injection
88%
“. i did want to mention, this was something that was interesting. when i was looking at the files for this thing, going through my, the files i got added to the system, they had like a licensing thing for electron. and so just looking at that stuff kind of you like say, okay, wel…”
T1574.001DLL
87%
“that filter and you can look at all the proclamation has everything. so you just look for your target processes that are looking for dls that it can ’ t find. and what you do there is you just put your malicious dl in there and it gets loaded and run. and this has applications fo…”
T1574.001DLL
84%
“talk about some practical ways to prevent dll hijacking? craig vincent no, not really. just make sure you ’ re not trying to import. make sure you ’ re including dlls. that you ’ re trying to import with your product. i guess that ’ s about it. because there ’ s other things, lik…”
T1588.002Tool
84%
“based? and does this complicate the testing methodology? craig vincent i don ’ t know. my sample size is not large enough to give an authoritative answer on that. but i understand that it ’ s a pretty popular technology. jason blanchard do you like process hacker virustotal marke…”
T1040Network Sniffing
76%
“, i can pretty much tell that it ’ s that they ’ re good and i don ’ t suck. so, yeah. deb wigley nice. jason blanchard cool. deb, do you have another question? deb wigley yes, i do. i sure do. what method do you use to proxy traffic for desktop apps that don ’ t honor the system…”
T1055.001Dynamic-link Library Injection
72%
“so if you ’ ve got like, for some reason a highly privileged process or software that loads your dll, you ’ re now running with those privileges. and that could be a higher privilege level than what you would have as like a normal user. right? other, interesting side effects. i w…”
T1574.001DLL
62%
“like the system directory and then like i think another directory and then it looks like at your path variable. i don ’ t remember off the top of my head, but it ’ s basically that ’ s where it goes to look for these, these dlls. and if you can write a dll of the same name to som…”
T1113Screen Capture
60%
“at black. deb wigley mhm. craig vincent because you have to or else bad things happen. not just, not just, not just angry calls from john, but like, just bad things in general happen. like document everything as you ’ re. as you ’ re, as you ’ re working in hacking. jason blancha…”
T1588.002Tool
53%
“test puppy mills and how it doesn ’ t have to be like that, that. and i was like, okay, let me try that. so it was back to square one. home lab, intentionally vulnerable vms, like a damn vulnerable web app, like, just learning hacking skills, right? so that led to me getting a se…”
T1588.002Tool
39%
“tests. i study computer science, computer security and math. in college, that ’ s kind of how i got into infosec in terms of learning, security stuff from technical perspective. and they also kind of point us and they ’ re like, hey, there ’ s a thing called defcon. there ’ s thi…”
T1055.001Dynamic-link Library Injection
36%
“like the system directory and then like i think another directory and then it looks like at your path variable. i don ’ t remember off the top of my head, but it ’ s basically that ’ s where it goes to look for these, these dlls. and if you can write a dll of the same name to som…”
T1588.006Vulnerabilities
35%
“a lot of the report writing that happens at black hills. question, do you leverage ai while pen testing? craig vincent i, do not. jason blanchard why not? craig vincent i just haven ’ t, i haven ’ t found. i might soon. so i ’ ve heard people doing cool stuff with it for getting …”
T1055.001Dynamic-link Library Injection
33%
“that filter and you can look at all the proclamation has everything. so you just look for your target processes that are looking for dls that it can ’ t find. and what you do there is you just put your malicious dl in there and it gets loaded and run. and this has applications fo…”

Summary

In this video, experts delve into the intricacies of desktop application penetration testing methodologies.

The post Intro to Desktop Application Testing Methodology appeared first on Black Hills Information Security, Inc..