
Attacking Thick Client Application by @j33n1k4

Owasp
May 28, 2022


Transcript

  1. Hello! I am Jeenika
     ▷ Security Consultant at Securelayer7
     ▷ OSCP Certified
     ▷ Offensive Security Enthusiast & a Researcher
     ▷ Curious Minded and a Learner
     ▷ Technical Blogger
     ▷ Speaker
     ▷ Arsenal Fan
  2. Agenda
     ✓ What are Thick Client Applications?
     ✓ What are Thin Client Applications?
     ✓ Thick Client vs Thin Client
     ✓ Common Vulnerabilities in Thick Client Applications
     ✓ List of Useful tools
  3. THICK CLIENT APPLICATIONS
     A thick client, also known as a fat client, is a client in a client-server architecture or network that typically provides rich functionality independent of the server. In these types of applications, the major processing is done on the client side, and the client needs only an aperiodic connection to the server.
  4. THIN CLIENT APPLICATIONS
     A thin client is a computer that runs from resources stored on a central server instead of a local hard drive. Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory are stored.
  5. THICK CLIENT
     ▷ Installed on the client (local computer)
     ▷ Uses the computer's resources
     ▷ Periodically syncs with the server remotely
     ▷ Common ports & protocols: SMTP, TCP, HTTP/HTTPS, NetBIOS, SMB
     THIN CLIENT
     ▷ Web applications accessed through the web browser
     ▷ Processing is done completely on the server side
  7. Resources:
     1. DVTA 2.0
     2. BetaFast
     3. Introduction to Hacking Thick
     4. Thin Client vs Thick Client? (7 Brilliant Differences)
     5. Thick Client Penetration Testing Methodology
     6. Practical thick client application penetration testing using damn vulnerable thick client app: An introduction
     7. Thick Client Pentesting Checklist
     8. Thick Client Security - Security Features ASLR, DEP & CFG Not Enabled
     9. Thick Client Penetration Testing on DVTA
     10. Hacking Thick Clients