Desktop App Security Archives

Thick Client (Desktop) Application Penetration Testing – Part-2

July 12, 2024 by Ashok Karki (infoalth)

Privilege Escalation using RegShot DLL Hijacking Sensitive information in Memory (Dumping connection string from Memory) Let’s try to log in with this credential using HediSQL: Remediation: Sensitive information should be encrypted. If encryption is not possible, use obfuscation techniques based on the application’s severity. Passwords In Registry Remediation: Encrypt passwords before storage, or store garbage … Read more

Thick Client (Desktop) Application Penetration Testing – Part-1

July 12, 2024 by Ashok Karki (infoalth)

INFORMATION GATHERING Using the tool CFF Explorer Using the SysInternal Suites Let’s start … Using the Tool Wireshark Using the Tool ProcMon (Login Credentials in Registry Entry) TRAFFIC ANALYSIS Traffic Analysis using Wireshark Filter technique 1 Filter technique 2 Using Tool Echo Mirage

Thick Client (Desktop) Application Penetration Testing

July 12, 2024 by Ashok Karki (infoalth)

Introduction Thick client (Desktop) application penetration testing is the process of evaluating the security of a thick client application by simulating attacks to identify vulnerabilities. A thick client application, also known as a fat client, is a software program that runs on a local machine and communicates with a server or a database to perform … Read more