Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Thick Client Application Penetration Testing
Course Introduction
Course Introduction (1:37)
Help and Support
Downloadables
Introduction and Lab Setup
Introduction to Thick Client Applications (4:12)
Lab Setup - Part 1 (2:04)
Lab Setup - Part 2 (18:44)
The Pre-Course Challenge (2:32)
Reversing + Configuring the server (10:48)
Information Gathering
Introduction (1:52)
Installing tools (4:11)
Network connections with tcpview (2:24)
Network connections with Wireshark (2:55)
Exploring PE file with CFF Explorer (1:04)
File system monitoring with Procmon (9:44)
Traffic Analysis for Thick Client Applications
Introduction (1:29)
Installing tools (8:20)
Wireshark (3:48)
Echo Mirage (6:22)
Mitm Relay + Burp Suite (10:11)
Attacking Thick Client Applications
Hardcoded strings (5:20)
Privilege Escalation via insecure data storage (5:33)
Dumping Connection String from memory (8:09)
SQL Injection (3:32)
Side Channel Data Leaks (4:06)
Unreliable logs (1:41)
DLL Hijacking (11:43)
Reversing and Patching
Introduction and tools (10:54)
Decompiling with DotPeek (8:52)
Recreating the decryption logic (7:07)
Runtime tracing with DnSpy (5:15)
Patching with Reflexil (6:20)
Patching with ilasm & ldasm (8:02)
Common Low Hanging Fruits
Application Signing (1:17)
Compiler Protections (2:29)
Automated Source Code Scanning (5:55)
Conclusion
Conclusion (0:25)
Teach online with
Privilege Escalation via insecure data storage
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock