
Attacking Thick Client Application by @j33n1k4

Owasp
May 28, 2022

Transcript

  1. Attacking Thick-Client Applications By: Jeenika Anadani

  2. Hello! I am Jeenika
    ▷ Security Consultant at Securelayer7
    ▷ OSCP Certified
    ▷ Offensive Security Enthusiast & a Researcher
    ▷ Curious Minded and a Learner
    ▷ Technical Blogger
    ▷ Speaker
    ▷ Arsenal Fan
  3. Agenda
    ✓ What are Thick Client Applications?
    ✓ What are Thin Client Applications?
    ✓ Thick Client vs Thin Client
    ✓ Common Vulnerabilities in Thick Client Applications
    ✓ List of Useful tools
  4. 1. What are Thick Client Applications?

  5. THICK CLIENT APPLICATIONS

    A thick client, also known as a fat client, is a client in a client–server architecture or network that typically provides rich functionality independent of the server. In these types of applications, the major processing is done on the client side and involves only aperiodic connection to the server.
  6. 2. What are Thin Client Applications?

  7. THIN CLIENT APPLICATIONS

    A thin client is a computer that runs from resources stored on a central server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory are stored.
  8. 3. Thick Client VS Thin Client

  9. THICK CLIENT
    ▷ Installed on the client (local computer)
    ▷ Uses computer resources
    ▷ Periodically syncs with the server remotely
    ▷ Common ports & protocols: SMTP, TCP, HTTP/HTTPS, NetBIOS, SMB

    THIN CLIENT
    ▷ Web applications accessed through the web browser
    ▷ Processing done completely on the server side
  10. 3. Common Vulnerabilities

  11. 11

  12. Resources:
    1. DVTA 2.0
    2. BetaFast
    3. Introduction to Hacking Thick
    4. Thin Client vs Thick Client? (7 Brilliant Differences)
    5. Thick Client Penetration Testing Methodology
    6. Practical thick client application penetration testing using damn vulnerable thick client app: An introduction
    7. Thick Client Pentesting Checklist
    8. Thick Client Security-Security Features ASLR, DEP & CFG Not Enabled
    9. Thick Client Penetration Testing on DVTA
    10. Hacking Thick Clients
  13. Thanks! Any questions? You can find me at:
    Twitter: @j33n1k4
    LinkedIn: jeenika