Professional Documents
Culture Documents
PENTESTING CHECKLIST
/
INFORMATION GATHERING
om
t.c
1. Information Gathering
po
☐ Find out the application architecture (two-tier or three-tier)
gs
☐ Find out the technologies used (languages and frameworks)
☐ Identify network communication
b lo
h.
2. Tools Used
s:
☐ CFF Explorer
tp
☐
ht
Sysinternals Suite
☐ Wireshark
☐ PEid
☐ Detect It Easy (DIE)
☐ Strings
GUI TESTING
/
om
t.c
3. Test For GUI Logic
☐
po
Try for access control and injection-based vulnerabilities
gs
☐ Bypass controls by utilizing intended GUI functionality
☐ Check improper error handling
b lo
h.
☐ Check weak input sanitization
nt
4. Tools Used
ar
☐
//h
UISpy
☐
s:
Winspy++
tp
☐ Window Detective
ht
☐ Snoop WPF
FILE TESTING
/
om
3. Test For File Content Debugging
☐ Look for sensitive information on the file system (symbols, sensitive
t.c
data, passwords, configurations)
po
☐ Look for sensitive information on the config file
gs
☐ Look for Hardcoded encryption data
b lo
☐
h.
Look for Clear text storage of sensitive data
nt
/
om
8. Test For Decryption And DE obfuscation
t.c
☐ Try to recover original source code
po
☐ Try to retrieve passwords and keys
gs
☐ Test for lack of obfuscation
lo
b
h.
☐ Strings
ar
☐ dnSpy
//h
☐
s:
Procmon
tp
☐ Process Explorer
ht
☐ Process Hacker
REGISTRY TESTING
/
om
☐ Compare the registry before and after executing the application
t.c
po
3. Test For Registry Manipulation
gs
☐ Try for registry manipulation
☐ lo
Try to bypass authentication by registry manipulation
b
h.
4. Tools Used
☐
ra
Regshot
ip
☐ Procmon
ar
☐
//h
Accessenum
s:
tp
ht
NETWORK TESTING
2. Tools Used
☐ Wireshark
/
om
☐ TCPview
t.c
po
ASSEMBLY TESTING
gs
1. Test For Assembly b lo
☐ Verify Address Space Layout Randomization (ASLR)
h.
☐
nt
Verify SafeSEH
a
☐
ra
☐ Verify ControlFlowGuard
ar
☐
//h
Verify HighentropyVA
s:
tp
2. Tools Used
ht
☐ PESecurity
MEMORY TESTING
/
om
t.c
3. Test For Run Time Manipulation
☐
po
Try to analyze the dump file
gs
☐ Check for process replacement
☐ lo
Check for modifying assembly in the memory
b
h.
☐ Try to debug the application
nt
4. Tools Used
ar
☐
//h
Process Hacker
☐
s:
HxD
tp
☐ Strings
ht
TRAFFIC TESTING
2. Tools Used
☐ Echo Mirage
☐ MITM Relay
/
om
☐ Burp Suite
t.c
po
COMMON VULNERABILITIES TESTING
gs
1. Test For Common Vulnerabilities
lo
b
☐ Try to decompile the application
h.
☐
nt
☐
ra
☐
//h