SlideShare a Scribd company logo

Reverse_Engineering_Thick-clients

Download as PPTX, PDF
Steve Markey, profile picture
Steve Markey

This document discusses reverse engineering thick-client applications. It begins with an overview of thick clients, noting they provide local software that connects to server software via TCP/IP sockets. It describes the attack surface of thick clients, including potential for rootkits, cache/registry corruption, and information disclosure due to local software and storage. Tools that can be used for reverse engineering thick clients are also outlined, such as decompilers, profilers, proxies and sniffers. An example reverse engineering process using these tools on a Java thick client is then provided.

1 of 7
Downloaded 35 times
1
2
3
4
5
6
7
Steven C. Markey,MSIS,PMP,CISSP,CIPP/US,CISM,CISA,STS-EV,CCSK Principal,nControl,LLC AdjunctProfessor Reverse Engineering Thick-clients
• Agenda – Thick-client Overview – Attack Surface – Reverse Engineering Thick-clients Reverse Engineering Thick-clients
Reverse Engineering Thick-clients • Thick-client Overview – “Old School” • Local Software & Occasional Local Storage – Local Software Connecting to Server Software • Traditionally Installed Local Software via TCP/IP Sockets • Web Delivered Local Software via TCP/IP Sockets • Web Delivered Local Software via HTTP/S – Alternative to Web/Thin Clients • Occasionally More Efficient • Allows for Interaction with Local Office Automation Software • Allows for Syncing/Batch Uploads for Offline Use
Reverse Engineering Thick-clients • Thick-client Attack Surface – Local Software & Local Storage = Local Exposures • Rootkits • Cache & Registry Corruption • Information Disclosure – One-off Exposures • Access to Office Automation Software Exposures – Ignorance is Bliss • Assumed Lack of Attack Surface – Can Still Proxy Requests – Sniffers Can Be Goldmines • Overreliance on Data in Transit Crypto Protections • Overreliance on Segregation of Duties & Access Controls
Reverse Engineering Thick-clients • Reverse Engineering Thick-clients – Tools • Decompilers: Dotpeek, Reflector, JustDecompile, ILSpy, DILE, PEBrowse, Java Decompile, Mocha & DJ Java Compiler • Profilers: Eclipse – Test & Performance Tools Platform (TPTP), MSVS – MSIL Disassembler (lldasm), YourKit & DTrace • Proxies: Burp – Wsdler.jar, BurpJDSer.jar, ZAP & Paros • Sniffers: Wireshark – Access • Binaries • Local Files, Storage & Office Automation Plugins
Reverse Engineering Thick-clients • Example – App • Java Swing TCP-based Thick-client  AWS EC2 Java 7 – AWS AMI Linux Distro, Executable JAR on Server & Local MySQL – Windows 8.1, Java 7 – Tools • Decompilers: DJ Java Decompiler & Mocha • Profilers: YourKit • Proxies: Burp – Wsdler.jar, BurpJDSer.jar • Sniffers: Wireshark – Access • Binaries, Local Files, Storage & Office Automation Plugins
• Questions? • Contact – Email: steve@ncontrol-llc.com – LinkedIn: http://www.linkedin.com/in/smarkey – Twitter: markes1

More Related Content

PDF
Thick Application Penetration Testing - A Crash Course
NetSPI
 
PPT
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
 
PDF
Fuzzing and You: Automating Whitebox Testing
NetSPI
 
PDF
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
PPTX
Thick client pentesting_the-hackers_meetup_version1.0pptx
Anurag Srivastava
 
PDF
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
PDF
WTF is Penetration Testing
NetSPI
 
PPTX
Extracting Credentials From Windows
NetSPI
 
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
 
Fuzzing and You: Automating Whitebox Testing
NetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Anurag Srivastava
 
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
WTF is Penetration Testing
NetSPI
 
Extracting Credentials From Windows
NetSPI
 

What's hot (20)

PDF
All You Need is One - A ClickOnce Love Story - Secure360 2015
NetSPI
 
PDF
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
PDF
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Scott Sutherland
 
PDF
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys
 
PDF
How we breach small and medium enterprises (SMEs)
NCC Group
 
PDF
Ch 6: Attacking Authentication
Sam Bowne
 
PPTX
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
jonmccoy
 
PDF
Addios!
Chong-Kuan Chen
 
PDF
Is Your Mobile App Secure?
Sam Bowne
 
PDF
CNIT 126: Ch 2 & 3
Sam Bowne
 
PDF
Ch 10: Attacking Back-End Components
Sam Bowne
 
PDF
Attack all the layers secure 360
Scott Sutherland
 
PPTX
Exploiting appliances presentation v1.1-vids-removed
NCC Group
 
PDF
CNIT 129S Ch 4: Mapping the Application
Sam Bowne
 
PDF
Don't Let Open Source be the Deal Breaker In Your M&A
Black Duck by Synopsys
 
PDF
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
PDF
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
PDF
CISSP Prep: Ch 9. Software Development Security
Sam Bowne
 
PDF
Ch 7: Attacking Session Management
Sam Bowne
 
PDF
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
Sam Bowne
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
NetSPI
 
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Scott Sutherland
 
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys
 
How we breach small and medium enterprises (SMEs)
NCC Group
 
Ch 6: Attacking Authentication
Sam Bowne
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
jonmccoy
 
Addios!
Chong-Kuan Chen
 
Is Your Mobile App Secure?
Sam Bowne
 
CNIT 126: Ch 2 & 3
Sam Bowne
 
Ch 10: Attacking Back-End Components
Sam Bowne
 
Attack all the layers secure 360
Scott Sutherland
 
Exploiting appliances presentation v1.1-vids-removed
NCC Group
 
CNIT 129S Ch 4: Mapping the Application
Sam Bowne
 
Don't Let Open Source be the Deal Breaker In Your M&A
Black Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Black Duck by Synopsys
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
CISSP Prep: Ch 9. Software Development Security
Sam Bowne
 
Ch 7: Attacking Session Management
Sam Bowne
 
CNIT 129S: Ch 12: Attacking Users: Cross-Site Scripting
Sam Bowne
 
Ad

Viewers also liked (20)

PPTX
Alpha and Omega: Program Outcomes to the Capstone
ERAUWebinars
 
PPT
ICS_Cybersecurity_FINAL
Steve Markey
 
PPTX
Maotchitim
joliff
 
PPT
Presentatie hrm inspiratiedag
Esther Mallant
 
PPT
Securing_Medical_Devices_v5
Steve Markey
 
PPTX
Secure_Development_ISSA_v4
Steve Markey
 
PDF
MARIA AUXILIADORA
Vale Verdesoto
 
PPTX
Cloud_Computing_IIMC_v1
Steve Markey
 
PPTX
Passion, Persistence, and Patience: The Search for Amelia Earhart
ERAUWebinars
 
PPTX
Webinar Slides-Three Knows to Great Writing Nov 4 2014
ERAUWebinars
 
PPT
SSO_Good_Bad_Ugly
Steve Markey
 
PPT
e-Discovery_2_Cloud_v5
Steve Markey
 
PPTX
Going_Mobile_101_IIMC_v5
Steve Markey
 
PPTX
Vendor_Mgmt_101_IIMC_v2
Steve Markey
 
PDF
ERAU Webinar Slides: Global Business Environment--China Trip
ERAUWebinars
 
PDF
Na it infographic_fnl
Thuyly Vu
 
PPT
Cryptov2 v1
Steve Markey
 
PDF
FOJ Marketing 2015
Erin Perkins
 
PPTX
Safety webinar with mark friend
ERAUWebinars
 
PPT
Securing_Dbs_in_Cloud_v12
Steve Markey
 
Alpha and Omega: Program Outcomes to the Capstone
ERAUWebinars
 
ICS_Cybersecurity_FINAL
Steve Markey
 
Maotchitim
joliff
 
Presentatie hrm inspiratiedag
Esther Mallant
 
Securing_Medical_Devices_v5
Steve Markey
 
Secure_Development_ISSA_v4
Steve Markey
 
MARIA AUXILIADORA
Vale Verdesoto
 
Cloud_Computing_IIMC_v1
Steve Markey
 
Passion, Persistence, and Patience: The Search for Amelia Earhart
ERAUWebinars
 
Webinar Slides-Three Knows to Great Writing Nov 4 2014
ERAUWebinars
 
SSO_Good_Bad_Ugly
Steve Markey
 
e-Discovery_2_Cloud_v5
Steve Markey
 
Going_Mobile_101_IIMC_v5
Steve Markey
 
Vendor_Mgmt_101_IIMC_v2
Steve Markey
 
ERAU Webinar Slides: Global Business Environment--China Trip
ERAUWebinars
 
Na it infographic_fnl
Thuyly Vu
 
Cryptov2 v1
Steve Markey
 
FOJ Marketing 2015
Erin Perkins
 
Safety webinar with mark friend
ERAUWebinars
 
Securing_Dbs_in_Cloud_v12
Steve Markey
 
Ad

Similar to Reverse_Engineering_Thick-clients (6)

PDF
Thick Client Testing Basics
NSConclave
 
PDF
Thick Client Penetration Testing.pdf
SouvikRoy114738
 
PDF
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
ElanusTechnologies
 
DOCX
Thin client
ssuser1eca7d
 
PPTX
GTB DLP Suite Presentation
gtbsalesindia
 
PDF
Gtb Dlp Suite Presentation
gtbsalesindia
 
Thick Client Testing Basics
NSConclave
 
Thick Client Penetration Testing.pdf
SouvikRoy114738
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
ElanusTechnologies
 
Thin client
ssuser1eca7d
 
GTB DLP Suite Presentation
gtbsalesindia
 
Gtb Dlp Suite Presentation
gtbsalesindia
 

Reverse_Engineering_Thick-clients

  • 2. • Agenda – Thick-client Overview – Attack Surface – Reverse Engineering Thick-clients Reverse Engineering Thick-clients
  • 3. Reverse Engineering Thick-clients • Thick-client Overview – “Old School” • Local Software & Occasional Local Storage – Local Software Connecting to Server Software • Traditionally Installed Local Software via TCP/IP Sockets • Web Delivered Local Software via TCP/IP Sockets • Web Delivered Local Software via HTTP/S – Alternative to Web/Thin Clients • Occasionally More Efficient • Allows for Interaction with Local Office Automation Software • Allows for Syncing/Batch Uploads for Offline Use
  • 4. Reverse Engineering Thick-clients • Thick-client Attack Surface – Local Software & Local Storage = Local Exposures • Rootkits • Cache & Registry Corruption • Information Disclosure – One-off Exposures • Access to Office Automation Software Exposures – Ignorance is Bliss • Assumed Lack of Attack Surface – Can Still Proxy Requests – Sniffers Can Be Goldmines • Overreliance on Data in Transit Crypto Protections • Overreliance on Segregation of Duties & Access Controls
  • 5. Reverse Engineering Thick-clients • Reverse Engineering Thick-clients – Tools • Decompilers: Dotpeek, Reflector, JustDecompile, ILSpy, DILE, PEBrowse, Java Decompile, Mocha & DJ Java Compiler • Profilers: Eclipse – Test & Performance Tools Platform (TPTP), MSVS – MSIL Disassembler (lldasm), YourKit & DTrace • Proxies: Burp – Wsdler.jar, BurpJDSer.jar, ZAP & Paros • Sniffers: Wireshark – Access • Binaries • Local Files, Storage & Office Automation Plugins
  • 6. Reverse Engineering Thick-clients • Example – App • Java Swing TCP-based Thick-client  AWS EC2 Java 7 – AWS AMI Linux Distro, Executable JAR on Server & Local MySQL – Windows 8.1, Java 7 – Tools • Decompilers: DJ Java Decompiler & Mocha • Profilers: YourKit • Proxies: Burp – Wsdler.jar, BurpJDSer.jar • Sniffers: Wireshark – Access • Binaries, Local Files, Storage & Office Automation Plugins
  • 7. • Questions? • Contact – Email: steve@ncontrol-llc.com – LinkedIn: http://www.linkedin.com/in/smarkey – Twitter: markes1