🖥️ Think desktop apps are old news? Think again—many still harbor critical vulnerabilities waiting to be exploited. In this BSidesSLC 2025 talk, Santiago Gimenez Ocano and Ryan Syed (both security engineers at Praetorian) introduce Start - Recon - Exploit, a structured framework for testing desktop applications across Windows, macOS, and Linux environments. This session bridges the gap between web app pentesting and local application security with practical, real-world techniques.

What you'll learn:
- Key differences between web and desktop app security
- How to assess vulnerabilities like DLL hijacking, IPC abuse, and post-install script flaws
- Tools and tactics for manual and automated desktop app analysis
- A systematic approach to reconnaissance, exploitation, and privilege escalation
- Hands-on examples of vulnerabilities leading to real-world impact

Whether you're a pentester expanding beyond web, or a product security engineer targeting desktop software, this talk provides actionable techniques and a repeatable methodology to test local applications effectively.

🎤 About the Speakers:

Santiago Gimenez Ocano is a Lead Security Engineer at Praetorian with 65+ security engagements under his belt, ranging from web and cloud to IoT and CI/CD. He holds numerous certifications (CISSP, OSCP, CEH, and more) and is a black badge winner at SAINTCON.

Ryan Syed is a Security Engineer at Praetorian with a strong background in application and network testing. He’s a reverse engineering and cryptography enthusiast with a growing focus on product security.

👉 Learn more about BSidesSLC:

#BSidesSLC2025 #DesktopSecurity #ApplicationSecurity #SantiagoGimenez #RyanSyed #DLLHijacking #IPCExploits #PrivilegeEscalation #Praetorian #AppSec #ReverseEngineering #SecurityTesting #StartReconExploit











