THICK CLIENT PENTESTING CHECKLIST

OWASP-Based Checklist 🌟🌟

80+ Test Cases 🚀🚀

Notion link: https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0

  • INFORMATION GATHERING

    Information Gathering

    • Find out the application architecture (two-tier or three-tier)
    • Find out the technologies used (languages and frameworks)
    • Identify network communication
    • Observe the application process
    • Observe each functionality and behavior of the application
    • Identify all the entry points
    • Analyze the security mechanism (authorization and authentication)

    Tools Used

    • CFF Explorer
    • Sysinternals Suite
    • Wireshark
    • PEiD
    • Detect It Easy (DIE)
    • Strings
  • GUI TESTING

    Test For GUI Object Permission

    • Display hidden form object
    • Try to activate disabled functionalities
    • Try to uncover the masked password

    Test GUI Content

    • Look for sensitive information

    Test For GUI Logic

    • Test for access control and injection-based vulnerabilities
    • Bypass controls by utilizing intended GUI functionality
    • Check improper error handling
    • Check weak input sanitization
    • Try privilege escalation (unlocking admin features to normal users)
    • Try payment manipulation

    Tools Used

    • UISpy
    • Winspy++
    • Window Detective
    • Snoop WPF
  • FILE TESTING

    Test For File Permissions

    • Check permissions on every file and folder

    Test For File Integrity

    • Check strong naming
    • Verify code signing

    Test For File Content Debugging

    • Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
    • Look for sensitive information in the config files
    • Look for hardcoded encryption keys and other encryption data
    • Look for clear-text storage of sensitive data
    • Look for side-channel data leakage
    • Look for unreliable logging

    Test For File And Content Manipulation

    • Try framework backdooring
    • Try DLL preloading
    • Check for race conditions
    • Test for file and content replacement
    • Test for client-side protection bypass using reverse engineering

    Test For Exported Functions

    • Try to find the exported functions
    • Try to use the exported functions without authentication

    Test For Public Methods

    • Make a wrapper to gain access to public methods without authentication

    Test For Decompile And Application Rebuild

    • Try to recover the original source code, passwords, keys
    • Try to decompile the application
    • Try to rebuild the application
    • Try to patch the application

    Test For Decryption And Deobfuscation

    • Try to recover original source code
    • Try to retrieve passwords and keys
    • Test for lack of obfuscation

    Test For Disassembly And Reassembly

    • Try to build a patched assembly

    Tools Used

    • Strings
    • dnSpy
    • Procmon
    • Process Explorer
    • Process Hacker
  • REGISTRY TESTING

    Test For Registry Permissions

    • Check read access to the registry keys
    • Check write access to the registry keys

    Test For Registry Contents

    • Inspect the registry contents
    • Check for sensitive info stored on the registry
    • Compare the registry before and after executing the application

    Test For Registry Manipulation

    • Try registry manipulation
    • Try to bypass authentication by registry manipulation
    • Try to bypass authorization by registry manipulation

    Tools Used

    • Regshot
    • Procmon
    • AccessEnum
  • NETWORK TESTING

    Test For Network

    • Check for sensitive data in transit
    • Try to bypass firewall rules
    • Try to manipulate network traffic

    Tools Used

    • Wireshark
    • TCPView
  • ASSEMBLY TESTING

    Test For Assembly

    • Verify Address Space Layout Randomization (ASLR)
    • Verify SafeSEH
    • Verify Data Execution Prevention (DEP)
    • Verify strong naming
    • Verify Control Flow Guard (CFG)
    • Verify High Entropy VA

    Tools Used

    • PESecurity
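Four of the checks above (ASLR, DEP, CFG, High Entropy VA) are single bits in the DllCharacteristics field of the PE optional header; SafeSEH and strong naming live in the load configuration directory and the CLR metadata respectively and are not covered here. The following is an added example, not part of the original checklist or of PESecurity, that reads those bits from raw PE bytes; `build_sample_pe` is a constructed minimal header for offline testing, not a real executable:

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bit values from the PE/COFF specification.
MITIGATION_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR with high-entropy addresses
    "DYNAMIC_BASE": 0x0040,     # ASLR: image may be relocated at load time
    "NX_COMPAT": 0x0100,        # DEP: image is compatible with NX pages
    "NO_SEH": 0x0400,           # image uses no SEH at all (this is not SafeSEH)
    "GUARD_CF": 0x4000,         # Control Flow Guard instrumentation present
}


def read_dll_characteristics(data: bytes) -> tuple[int, int]:
    """Return (optional header magic, DllCharacteristics) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 for both PE32 (0x10b) and PE32+ (0x20b).
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return magic, dllchar


def check_mitigations(data: bytes) -> dict[str, bool]:
    """Map each mitigation name to whether its flag is set in the image."""
    magic, dllchar = read_dll_characteristics(data)
    result = {name: bool(dllchar & bit) for name, bit in MITIGATION_FLAGS.items()}
    # HIGH_ENTROPY_VA is only meaningful for 64-bit (PE32+) images.
    result["HIGH_ENTROPY_VA"] = result["HIGH_ENTROPY_VA"] and magic == 0x20B
    return result


def build_sample_pe(dllchar: int, magic: int = 0x20B) -> bytes:
    """Constructed minimal PE header (not a real executable) for offline tests."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = b"\0" * 20
    optional = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", dllchar)
    return dos_header + b"PE\0\0" + coff_header + optional


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        for name, present in check_mitigations(f.read()).items():
            print(f"{name:16} {'yes' if present else 'NO'}")
```

Run it against a client binary to get a flag-by-flag report; a missing DYNAMIC_BASE or NX_COMPAT is a finding to raise with the build team.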
  • MEMORY TESTING

    Test For Memory Content

    • Check for sensitive data stored in memory

    Test For Memory Manipulation

    • Try memory manipulation
    • Try to bypass authentication by memory manipulation
    • Try to bypass authorization by memory manipulation

    Test For Run Time Manipulation

    • Try to analyze the dump file
    • Check for process replacement
    • Check for modification of the assembly in memory
    • Try to debug the application
    • Try to identify dangerous functions
    • Use breakpoints to test each and every functionality

    Tools Used

    • Process Hacker
    • HxD
    • Strings
  • TRAFFIC TESTING

    Test For Traffic

    • Analyze the flow of network traffic
    • Try to find sensitive data in transit

    Tools Used

    • Echo Mirage
    • MITM Relay
    • Burp Suite
  • COMMON VULNERABILITIES TESTING

    Test For Common Vulnerabilities

    • Try to decompile the application
    • Try reverse engineering
    • Test against the OWASP Web Top 10
    • Test against the OWASP API Top 10
    • Test for DLL Hijacking
    • Test for signature checks (Use Sigcheck)
    • Test for binary analysis (Use Binscope)
    • Test for business logic errors
    • Test for TCP/UDP attacks
    • Test with automated scanning tools (Use Visual Code Grepper - VCG)

Shaped by: Hariprasaanth R

Reach Me: LinkedIn Portfolio Github