Introduction A previously unknown zero-day vulnerability has been disclosed in the Microsoft’s Windows operating system that could help a local user or malicious program to obtain system privileges on the targeted machine. The vulnerability is a privilege escalation issue which resides in the Windows’ task scheduler program and occurred due to errors in the handling…
Category: Network Pentest
Thick Client Penetration Testing – Exploiting JAVA Deserialization Vulnerability for Remote Code Execution
Thick Client? What do you mean by that? Thick client is the kind of application which is installed on the client side and major of its processing is done at the client side only which is independent of the server. Like we installed some players or .EXE files in our windows system. Main difference between…
What Makes Penetration Testing Impactful – Post Exploitation
As a penetration tester, we often come across this riddle – What Makes Penetration Testing Really Impactful. As per penetration testing methodology – we identify vulnerability, prioritize the vulnerability considering the criticality of impacted assets, we obtain/modify/create an exploit, compromise the target system and we are all excited and happy. BUT, ‘whoami’ command output in…
Buffer Overflow Attacks
Introduction Buffer is a storage place in memory where data can be stored. It’s mostly bound in a conditional statements to check the value given by the user and enter it in to the buffer and if the value entered by user is more than the actual size of the buffer then it should not…
External Penetration Testing – Case Study
ABSTRACT External Penetration Testing consists of a reviewing and assessing the vulnerabilities that could be exploited by external users/Hacker without any credentials or without having any access to target system. The assessment basically plays vital role in ensuring perimeter security, infrastructure security of the organization which may or can leads to the impact of business…