Thick Client Penetration Testing Tutorials - Part 4 ( Memory Forensics/ Reversing)
Static Analysis/ Reverse Engineering for Thick Clients Penetration Testing 4 Hi Readers, let’s take a look into static analysis. The advantage which thick clients offer over web applications are the ability to inspect the code and perform code level fuzzing which is more interesting for me! How to inspect code at a static level? There are many test cases which aid us to perform static analysis. Some of these include: 1 1) Memory Level Protection Checks ( DEP / ASLR) 2 2) String based analysis to find information 3 3) Configuration File checks 4 4) Memory inspection to find hardcoded passwords 5 5) Reverse Code Level Logic to bypass checks/ licences 1. To check memory level protections , we can use the free system internals suite by Microsoft ( https:/...