Posts

Thick Client Penetration Testing Tutorials - Part 2 (Traffic Interception)

After getting the basics of thick client pentesting, let's delve into the very first steps you can take to commence a thick client pentest: intercepting the application's traffic and setting up a proxy. Thick clients can be broken down into two types based on proxy settings:

1) Proxy aware
2) Proxy unaware

Proxy-aware applications are those that have settings in the application itself to route through an IP address and port, both for logging in to the application and for transmitting and receiving data. Whenever you log into the application, you will be given a prompt showing username/password along with the destination IP and port. Where the application does not have such settings and only accepts a username and password for authentication, you have to redirect the traffic from the application to your system and then on to the actual server. This is the case of proxy-unaware thick clients. Let's see how: The very first step involves getting the hostname of the thick client applic

Thick Client Penetration Testing Tutorials - Part 1

Hi Readers, today we will read about performing a penetration test on thick clients.

Why thick client penetration testing?

Thick client applications are not new, having been in existence for a long time. However, performing a pentest on thick clients is not as simple as a web application pentest. Thick clients are widely used across organizations for their internal operations. In this series of articles, we will learn various tools and techniques used to perform thick client application penetration testing. Using a step-by-step breakdown, we will start with the very basics and move on to the advanced test cases.

Introduction

Referred to by multiple names, such as fat client, heavy client, rich client, or thick client, such applications follow a client-server architecture. Put simply, thick clients are applications which are deployed locally on our systems, such as Skype or Outlook. Thick clients can be developed using multiple languages

Reverse Engineering Flash - SWF: an overview...

Reverse engineering EXEs and Linux applications is well known. However, another interesting thing to learn is Flash reversing. This can be used for both ActionScript analysis and offensive hacking! Applying reverse engineering to browser components helps in catching vulnerabilities early in the software development life cycle. Reverse engineering can help in identifying resources bundled on the browser side, and one can dissect them to determine different security issues and concerns. It involves reverse engineering the architecture of the browser layer, fingerprinting components, discovery of cross-domain interactions, debugging calls, DOM inspection, decompiling components, inter-platform communication, socket call inspection, and vulnerability tracing.

Static code analysis: It is simple to perform static analysis across code running in the browser. JavaScript code is available in cleartext and it is possible to perform a revie