
Thick client applications are considered to be less secure and more complex applications.

Information gathering

Identify the programming language and technology, and how the application and the infrastructure work.

Tools

  • CFF Explorer

  • Detect-It-Easy

  • Process Monitor

  • Strings

Client-side attacks

Vulnerabilities that can be found:

  • Command injection

  • Weak access control

  • SQL injection

  • Tokens

  • Hardcoded credentials

  • Sensitive information in source code

Dynamic analysis tools (sensitive information in memory)

  • Ghidra

  • IDA

  • OllyDbg

  • Radare2

  • dnSpy

  • x64dbg

  • JADX

  • Frida

Network-side attacks

Server-side attacks

  • Server-side attacks are similar to web application attacks (OWASP Top 10)

HTB module: https://academy.hackthebox.com/module/113/section/2139
