New Training: Conduct Information Gathering Using Appropriate Techniques
In this 7-video skill, CBT Nuggets trainer Shawn Powers teaches you how to gather information on clients, networks, and businesses using various pentesting procedures. Watch this new CompTIA training.
Learn CompTIA with one of these courses:
This training includes:
- 7 videos
- 41 minutes of training
You’ll learn these topics in this skill:
- Introduction to Information Gathering
- Scanning Hosts
- Enumerating Hosts for Specific Details
- Digging Deeper into Fingerprinting and Cryptography
- Eavesdropping for Data
- Decompiling and Debugging for Data
- Using Open Source Intelligence Gathering
How Do You Reverse Engineer Applications to Find Security Flaws?
An important part of performing penetration testing is reverse engineering applications to find critical flaws. How do you reverse engineer applications, though?
One of the most common ways of discovering exploits in applications is by using a process called Fuzzing. A fuzzing program is a utility designed to debug applications by rapidly inputting random and unexpected data to it. These random blobs of data help to uncover programming bugs like buffer overruns or un-sanitized inputs. Pen testers can then use those exploits to gain access to an application or a system it is running on.
Another common practice is using a decompiler. A decompiler can peek at an application and convert it back to source code. Though the source code may not be in its original form, the decompiled application offers pen testers a chance to look behind the curtain and see how an application runs. This gives pen testers a chance to find vulnerabilities in an application.
Using fuzzing techniques and decompilers are only two ways to decompile and debug applications to find security flaws, though. Both methods are disciplined practices that require intimate knowledge of how computers and software operate.