Security in thick-client application has been considered as "not necessary or not required" . This misconception has been rooted in developers' mind and it has shaped the way they develop critical applications.
Thus, we've started our first release of Thick-client application security testing training series using trivial consumer-based applications. We'll be adding more videos later on.
Tools and techniques used in our movies are not the only way to get through. There are many other alternatives to achieve the same goal.
Data in Process [ Download][Top]
Sensitive information should be encrypted while being processed in the application memory. In this demo, we try to find out password characters whether they are encrypted.
Data at Rest [ Download][Top]
Sensitive information should be encrypted when it is saved at client's workstatation. Again encryption should not be reused. In this demo, we try to find out password characters whether they are encrypted and can be re-used.
Data in Transit[Top]
Secure channel should be used when sensitive information is transmited over network.
Finding sensitive information in application traffic; in this demo we try to find out password characters whether they are inside secure encrypted SSL channels.
From Obfuscated password to Brute Force to Account Compromise; in this demo, we try to recover clear-text password characters that are encapsulated in challenge-response based application traffic. It should be noted that even though sensitive information is not revealed in plain-text, there will be ways to recover it unless the application implements public-key cryptography. If you'd like to reproduce steps in the demo movie, you need to possess foundation knowledge on Vmware or VirtualBox, and Linux IP Forwarding.
There are certain situations that can inadvertently affect the application's executation flow. One of the all-time favorite ones is Buffer Overflow exploit. However, hundreds of resources have been dedicated to this topic for several years now - hence we not dig into it here. We would like to discuss:
Finding DLL Hijacking vulnerability manually - in this demo, we attempt to hijack DLL files that was loaded by a software installer from the directory where the installer is executed. [ Download]