Tagged: Application Testing
This goes with what I want to do with my home pentest lab that I am working on. I am an avid gamer and enjoy, not just the game, but the community that makes the game what it is. In this case, one of the games I actively play, Thin Infinite Black (TIB) by Spellbook Studios, is actively developing a follow-up to that game and will be opening it to the community that backed its Kickstarter to do beta testing. So my current plan is to be brutal to the client application. The client application is cross-platform and can be found for Android, iOS, Mac, and Linux.
The current application makes me wonder what I will find with the new version. Since there is a EULA in place, I have not really poked around the current version as I don’t feel like getting banned. However, my plan is slightly different for the beta.
The plan:
1. Get permission from developer
2. Install in a VM
3. Attach to debugger (x64dbg)
4. Set up network sniffer (Wireshark)
5. Hunt down any xml files
6. Use a proxy (Burp Suite or similar)
After all that is set up, my plan is to fuzz whatever I can fuzz as well as look at the traffic it generates to see what I can find there. As of right now I am not planning anything against the server nor modifying the client.
What do you all think?
https://www.spellbook.com/tib/
https://x64dbg.com/#start
https://portswigger.net/burp/
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.wireshark.org/#download
I think that sounds like a plan.
It is great to have an objective for your home lab, and with permission from the developer you will have room to move. I would like to learn about the permission and how it is expressed. I would also be glad to learn of interesting developments along the way (hopefully not getting banned).
Copyright ©2021 Caendra, Inc.