Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist

An OWASP-based checklist with 80+ test cases

checklist penetration-testing penetration-testing-framework pentesting thick-client thin-client

Last synced: 2 months ago

README

        

# THICK CLIENT PENTESTING CHECKLIST

**OWASP-Based Checklist 🌟🌟**

**80+ Test Cases 🚀🚀**

Notion link: https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0

- **INFORMATION GATHERING**

**Information Gathering**

- [ ] Find out the application architecture (two-tier or three-tier)
- [ ] Find out the technologies used (languages and frameworks)
- [ ] Identify network communication
- [ ] Observe the application process
- [ ] Observe each functionality and behavior of the application
- [ ] Identify all the entry points
- [ ] Analyze the security mechanisms (authentication and authorization)

**Tools Used**

- [ ] CFF Explorer
- [ ] Sysinternals Suite
- [ ] Wireshark
- [ ] PEiD
- [ ] Detect It Easy (DIE)
- [ ] Strings

- **GUI TESTING**

**Test For GUI Object Permissions**

- [ ] Display hidden form objects
- [ ] Try to activate disabled functionality
- [ ] Try to reveal masked password fields

**Test GUI Content**

- [ ] Look for sensitive information

**Test For GUI Logic**

- [ ] Test for access control and injection-based vulnerabilities
- [ ] Bypass controls by using intended GUI functionality
- [ ] Check for improper error handling
- [ ] Check for weak input sanitization
- [ ] Try privilege escalation (unlocking admin features for normal users)
- [ ] Try payment manipulation

**Tools Used**

- [ ] UISpy
- [ ] Winspy++
- [ ] Window Detective
- [ ] Snoop WPF

- **FILE TESTING**

**Test For Files Permission**

- [ ] Check permission for each and every file and folder

**Test For File Integrity**

- [ ] Check strong naming
- [ ] Verify the code signature

**Test For File Content Debugging**

- [ ] Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
- [ ] Look for sensitive information in the config files
- [ ] Look for hardcoded encryption keys and other cryptographic material
- [ ] Look for cleartext storage of sensitive data
- [ ] Look for side-channel data leakage
- [ ] Look for insecure or unreliable logging

**Test For File And Content Manipulation**

- [ ] Try framework backdooring
- [ ] Try DLL preloading
- [ ] Check for race conditions
- [ ] Test for file and content replacement
- [ ] Test for client-side protection bypass using reverse engineering

**Test For Exported Functions**

- [ ] Try to find the exported functions
- [ ] Try to call the exported functions without authentication

**Test For Public Methods**

- [ ] Write a wrapper that calls public methods without authentication

**Test For Decompile And Application Rebuild**

- [ ] Try to recover the original source code, passwords, keys
- [ ] Try to decompile the application
- [ ] Try to rebuild the application
- [ ] Try to patch the application

**Test For Decryption And Deobfuscation**

- [ ] Try to recover original source code
- [ ] Try to retrieve passwords and keys
- [ ] Test for lack of obfuscation

**Test For Disassemble and Reassemble**

- [ ] Try to build a patched assembly

**Tools Used**

- [ ] Strings
- [ ] dnSpy
- [ ] Procmon
- [ ] Process Explorer
- [ ] Process Hacker

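The DLL-preloading and DLL-hijacking items above are usually worked with Procmon: run the client, filter for `CreateFile` operations on `*.dll` paths that end in `NAME NOT FOUND`, and then check whether the tester can write to the directory that was probed. The script below is an added example (not part of this checklist or its author's tooling) that automates that triage over a Procmon CSV export. The log lines and the `ThickClient.exe` process name are constructed for the example; the column names are Procmon's own.

```python
"""Triage a Process Monitor CSV export for DLL-preloading / hijacking candidates.

Procmon's "Save as CSV" writes the columns Time of Day, Process Name, PID,
Operation, Path, Result, Detail. A CreateFile on a *.dll path that ends in
NAME NOT FOUND means the loader probed for a library that is not in that
directory. If the tester can write there, a DLL with that name and the
expected exports gets loaded into the target process. The log below is
constructed for this example, not a real capture.
"""
import csv
import io
import ntpath

# Directories a standard user cannot normally write to. A miss here is only
# interesting when ACLs are broken, so it is reported but ranked last.
SYSTEM_PREFIXES = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Constructed sample log (not a real capture).
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001 AM","ThickClient.exe","4242","CreateFile","C:\Program Files\ThickClient\ThickClient.exe","SUCCESS","Desired Access: Read"
"10:01:02.0000002 AM","ThickClient.exe","4242","CreateFile","C:\Program Files\ThickClient\CRYPTSP.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.0000003 AM","ThickClient.exe","4242","CreateFile","C:\Windows\System32\CRYPTSP.dll","SUCCESS","Desired Access: Read"
"10:01:02.0000004 AM","ThickClient.exe","4242","CreateFile","C:\Users\alice\AppData\Local\ThickClient\plugins\report.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.0000005 AM","ThickClient.exe","4242","CreateFile","C:\Windows\System32\version.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.0000006 AM","ThickClient.exe","4242","CreateFile","C:\Program Files\ThickClient\config.xml","NAME NOT FOUND","Desired Access: Read"
"10:01:02.0000007 AM","svchost.exe","900","CreateFile","C:\Windows\Temp\foo.dll","NAME NOT FOUND","Desired Access: Read"
'''


def hijack_candidates(csv_text: str, process_name: str = "") -> list:
    """Return one record per distinct (process, missing DLL path) CreateFile miss.

    process_name narrows the search to the target thick client; an empty
    string keeps every process in the log.
    """
    seen = set()
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if process_name and row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] != "CreateFile" or row["Result"] != "NAME NOT FOUND":
            continue
        path = row["Path"]
        if not path.lower().endswith(".dll"):
            continue
        key = (row["Process Name"].lower(), path.lower())
        if key in seen:  # the loader often probes the same path repeatedly
            continue
        seen.add(key)
        directory = ntpath.dirname(path)
        results.append({
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "dll": ntpath.basename(path),
            "directory": directory,
            # True when the probe fell outside the protected system directories,
            # i.e. an application or user directory whose ACL must now be checked
            # (icacls / AccessEnum) before calling the miss exploitable.
            "outside_system_dirs": not directory.lower().startswith(SYSTEM_PREFIXES),
        })
    # Rank application/user directories first: those are where a write is plausible.
    results.sort(key=lambda r: (not r["outside_system_dirs"], r["directory"].lower(), r["dll"].lower()))
    return results


if __name__ == "__main__":
    for c in hijack_candidates(SAMPLE_PROCMON_CSV, "ThickClient.exe"):
        flag = "CHECK ACL" if c["outside_system_dirs"] else "system dir"
        print(f"[{flag:10}] {c['process']} ({c['pid']}) probed {c['dll']} in {c['directory']}")
```

For a real capture, read the exported file with `open("Logfile.CSV", encoding="utf-8-sig")` (Procmon may write a BOM) and pass the target's process name. A miss in `Program Files` is only a finding once the directory ACL is confirmed writable by the tester's user; a miss in a user-profile directory such as `AppData` almost always is.
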
- **REGISTRY TESTING**

**Test For Registry Permissions**

- [ ] Check read access to the registry keys
- [ ] Check write access to the registry keys

**Test For Registry Contents**

- [ ] Inspect the registry contents
- [ ] Check for sensitive info stored on the registry
- [ ] Compare the registry before and after executing the application

**Test For Registry Manipulation**

- [ ] Try registry manipulation
- [ ] Try to bypass authentication by registry manipulation
- [ ] Try to bypass authorization by registry manipulation

**Tools Used**

- [ ] Regshot
- [ ] Procmon
- [ ] AccessEnum

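"Compare the registry before and after executing the application" is what Regshot does; the same comparison can be made from two `reg export` files. The script below is an added example (not part of this checklist or its author's tooling) that parses two `.reg` exports, reports the keys and values the application created or changed, decodes them from the `.reg` text encoding, and flags value names or string data that look like credentials. The `HKEY_CURRENT_USER\Software\ExampleCorp\ThickClient` hive and both snapshots are constructed for the example.

```python
"""Diff two .reg exports taken before and after running the application.

Regshot does this interactively; with built-in tools the snapshots come from
`reg export HKCU before.reg` and `reg export HKCU after.reg`. Values that
appeared or changed are decoded from the .reg text encoding, and value names
or string data that look like credentials are flagged. Both exports below are
constructed for this example, not taken from a real system.
"""
import re

SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token|api[_-]?key|credential", re.I)

# Constructed snapshots (not real exports).
BEFORE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleCorp\ThickClient]
"InstallDir"="C:\\Program Files\\ThickClient"
"Version"="2.4.1"
'''

AFTER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleCorp\ThickClient]
"InstallDir"="C:\\Program Files\\ThickClient"
"Version"="2.4.1"
"LastUser"="alice"
"RememberMe"=dword:00000001

[HKEY_CURRENT_USER\Software\ExampleCorp\ThickClient\Session]
"ApiToken"="tok_example_0123456789"
"DbConnection"=hex(2):53,00,65,00,72,00,76,00,65,00,72,00,3d,00,64,00,62,00,31,00,3b,00,\
  50,00,77,00,64,00,3d,00,68,00,75,00,6e,00,74,00,65,00,72,00,32,00,00,00
'''


def parse_reg(text: str) -> dict:
    """Parse a Registry Editor 5.00 export into {key: {value_name: raw_text}}.

    Handles [key] headers, "name"=data lines, @ for the default value, and
    hex data continued over several lines with a trailing backslash.
    """
    tree = {}
    key = None
    pending = None  # [name, data-so-far] while a hex value spans lines
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                tree[key][pending[0]] = pending[1]
                pending = None
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            tree.setdefault(key, {})
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if line.endswith("\\"):
            pending = [name, data.rstrip("\\")]
            continue
        tree[key][name] = data
    return tree


def decode_value(data: str):
    """Turn the .reg text encoding of one value into a Python value."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    kind, sep, payload = data.partition(":")
    if sep and kind.startswith("hex"):
        raw = bytes(int(b, 16) for b in payload.split(",") if b)
        if kind in ("hex(2)", "hex(7)"):  # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
            return raw.decode("utf-16-le", "replace").rstrip("\x00")
        return raw
    return data


def diff_snapshots(before_text: str, after_text: str) -> dict:
    """Keys and values the application created or changed, plus the ones that look sensitive."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    changes = []  # (key, value_name, old_value, new_value)
    for key, values in after.items():
        for name, data in values.items():
            old = before.get(key, {}).get(name)
            if old != data:
                changes.append((key, name, None if old is None else decode_value(old), decode_value(data)))
    sensitive = [c for c in changes
                 if SENSITIVE.search(c[1]) or (isinstance(c[3], str) and SENSITIVE.search(c[3]))]
    return {
        "added_keys": sorted(set(after) - set(before)),
        "removed_keys": sorted(set(before) - set(after)),
        "changed_values": changes,
        "sensitive": sensitive,
    }


if __name__ == "__main__":
    report = diff_snapshots(BEFORE_REG, AFTER_REG)
    for key in report["added_keys"]:
        print(f"[+] key {key}")
    for key, name, old, new in report["changed_values"]:
        print(f"    {key}\\{name}: {old!r} -> {new!r}")
    for key, name, _old, new in report["sensitive"]:
        print(f"[!] possible secret: {key}\\{name} = {new!r}")
```

A flagged value is the starting point for the manipulation items that follow: a `RememberMe` flag or a stored token found this way is exactly what gets edited to test whether authentication can be bypassed through the registry.
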
- **NETWORK TESTING**

**Test For Network**

- [ ] Check for sensitive data in transit
- [ ] Try to bypass firewall rules
- [ ] Try to manipulate network traffic

**Tools Used**

- [ ] Wireshark
- [ ] TCPView

- **ASSEMBLY TESTING**

**Test For Assembly**

- [ ] Verify Address Space Layout Randomization (ASLR / DYNAMIC_BASE)
- [ ] Verify SafeSEH (32-bit images)
- [ ] Verify Data Execution Prevention (DEP / NX_COMPAT)
- [ ] Verify strong naming (.NET assemblies)
- [ ] Verify Control Flow Guard (CFG)
- [ ] Verify High Entropy VA (64-bit ASLR)

**Tools Used**

- [ ] PESecurity

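Most of the mitigations above are single bits in the `DllCharacteristics` field of the PE optional header, which is what PESecurity reads. The script below is an added example (not part of this checklist or its author's tooling) that decodes those bits with the standard library only, and adds the two checks a header read alone gets wrong: `DYNAMIC_BASE` means nothing if the COFF header says relocations were stripped, and `HIGH_ENTROPY_VA` only matters for a 64-bit image with ASLR on. SafeSEH is only reported as a hint, because confirming it needs the load-config directory. The sample images are header-only PEs constructed in memory, not real binaries.

```python
"""Check PE exploit-mitigation flags (ASLR, DEP, CFG, High Entropy VA, SafeSEH hint).

Pure-stdlib parser: reads the COFF and optional headers and decodes the
IMAGE_DLLCHARACTERISTICS_* bits. The sample PEs built below are header-only
images constructed for this example, not real binaries.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040
FORCE_INTEGRITY = 0x0080
NX_COMPAT = 0x0100
NO_SEH = 0x0400
GUARD_CF = 0x4000
# IMAGE_FILE_RELOCS_STRIPPED in the COFF Characteristics field
RELOCS_STRIPPED = 0x0001

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def check_mitigations(data: bytes) -> dict:
    """Return mitigation verdicts for a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")

    coff = e_lfanew + 4
    _machine, _nsec, _ts, _sym, _nsym, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]

    is_64 = magic == PE32PLUS_MAGIC
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)

    return {
        "arch": "x64/PE32+" if is_64 else "x86/PE32",
        # DYNAMIC_BASE alone is not enough: with relocations stripped the loader
        # cannot rebase the image, so ASLR is effectively off.
        "aslr": dynamic_base and not relocs_stripped,
        "aslr_flag_but_relocs_stripped": dynamic_base and relocs_stripped,
        # High entropy VA only matters for 64-bit images and only with ASLR on
        "high_entropy_va": is_64 and dynamic_base and bool(dll_chars & HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & NX_COMPAT),
        "cfg": bool(dll_chars & GUARD_CF),
        "force_integrity": bool(dll_chars & FORCE_INTEGRITY),
        # SafeSEH is an x86-only concept. NO_SEH means the image uses no SEH at all,
        # so there is no handler chain to hijack; otherwise the SEHandlerTable in the
        # load config directory must be inspected, which this header-only check skips.
        "safeseh": "n/a (64-bit)" if is_64 else ("no SEH used" if dll_chars & NO_SEH else "check load config"),
    }


def build_sample_pe(magic: int, dll_chars: int, file_chars: int = 0) -> bytes:
    """Construct a minimal header-only PE image for testing (not a loadable binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    machine = 0x8664 if magic == PE32PLUS_MAGIC else 0x14C
    opt_size = 240 if magic == PE32PLUS_MAGIC else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(data: bytes) -> str:
    return "\n".join(f"{k:>30}: {v}" for k, v in check_mitigations(data).items())


if __name__ == "__main__":
    hardened = build_sample_pe(PE32PLUS_MAGIC, DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT | GUARD_CF)
    legacy = build_sample_pe(PE32_MAGIC, DYNAMIC_BASE, file_chars=RELOCS_STRIPPED)
    print(report(hardened), "\n", sep="")
    print(report(legacy))
```

For a real target, `check_mitigations(open(path, "rb").read())` on every EXE and DLL shipped with the client is the quick pass; the `legacy` sample shows the case worth calling out in a report, a binary that advertises ASLR in its flags but cannot actually be relocated.
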
- **MEMORY TESTING**

**Test For Memory Content**

- [ ] Check for sensitive data stored in memory

**Test For Memory Manipulation**

- [ ] Try memory manipulation
- [ ] Try to bypass authentication by memory manipulation
- [ ] Try to bypass authorization by memory manipulation

**Test For Run Time Manipulation**

- [ ] Try to analyze the dump file
- [ ] Check for process replacement
- [ ] Check for modifying assembly in the memory
- [ ] Try to debug the application
- [ ] Try to identify dangerous functions
- [ ] Use breakpoints to test each and every functionality

**Tools Used**

- [ ] Process Hacker
- [ ] HxD
- [ ] Strings

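"Check for sensitive data stored in memory" is normally done by dumping the process (Process Hacker, Task Manager, procdump) and running Strings or HxD over the dump. One detail matters for thick clients: .NET, Java and Qt applications keep text as UTF-16LE, so a password typed into a form is stored as `P\x00a\x00s\x00s\x00...` and an ASCII-only string scan never sees it. The script below is an added example (not part of this checklist or its author's tooling) that extracts both ASCII and UTF-16LE strings from a dump and shows what an ASCII-only pass would miss. The dump bytes and the planted credential strings are constructed for the example.

```python
"""Extract ASCII and UTF-16LE strings from a memory dump and look for secrets.

Sysinternals `strings` scans both encodings, but ad-hoc triage often relies on
an ASCII-only regex or a Unix strings(1) with default settings. Thick clients
built on .NET, Java or Qt keep text as UTF-16LE (System.String, wchar_t), so a
password typed into a login form sits in memory as "P\x00a\x00s\x00s\x00..."
and is invisible to an ASCII-only scan. The dump below is constructed for this
example; a .dmp written by Process Hacker or procdump would be the real input.
"""
import re

# Names and fragments that make a recovered string worth a second look.
SECRET_HINTS = re.compile(r"password|passwd|pwd=|secret|token|bearer|api[_-]?key|connectionstring", re.I)


def extract_strings(blob: bytes, min_len: int = 6) -> list:
    """Return (offset, encoding, text) for every printable run of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(blob)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in utf16_re.finditer(blob)]
    return sorted(found)


def find_secrets(blob: bytes, min_len: int = 6) -> list:
    """Strings in either encoding whose text matches SECRET_HINTS."""
    return [s for s in extract_strings(blob, min_len) if SECRET_HINTS.search(s[2])]


def missed_by_ascii_scan(blob: bytes, min_len: int = 6) -> list:
    """Secrets only a UTF-16LE-aware scan recovers, i.e. what an ASCII-only pass would miss."""
    return [s for s in find_secrets(blob, min_len) if s[1] == "utf-16le"]


def build_sample_dump() -> bytes:
    """Constructed stand-in for a region of process memory (not a real dump)."""
    # Filler with no printable run of 6+ bytes and no UTF-16 character pairs,
    # so only the planted strings are recovered.
    filler = bytes((i * 73 + 11) % 256 for i in range(320))
    odbc = b"Server=db01;User Id=svc_app;Password=Winter2024!;"      # native code, ASCII
    net_string = "Password=Summer2024!".encode("utf-16-le")         # .NET System.String contents
    header = "Authorization: Bearer tok_example_abc123".encode("utf-16-le")
    return filler + odbc + filler[:37] + net_string + b"\x00\x00" + filler[:13] + header + filler


if __name__ == "__main__":
    dump = build_sample_dump()
    for offset, enc, text in find_secrets(dump):
        print(f"0x{offset:08x} {enc:8} {text}")
    print("missed by an ASCII-only scan:", [t for _, _, t in missed_by_ascii_scan(dump)])
```

For a real dump, pass `open("target.dmp", "rb").read()` to `find_secrets`. Take one dump while logged in and another after logout or after the password dialog closes; a credential that is still recoverable in the second dump is the finding for this item.
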
- **TRAFFIC TESTING**

**Test For Traffic**

- [ ] Analyze the flow of network traffic
- [ ] Try to find sensitive data in transit

**Tools Used**

- [ ] Echo Mirage
- [ ] MITM Relay
- [ ] Burp Suite

- **COMMON VULNERABILITIES TESTING**

**Test For Common Vulnerabilities**

- [ ] Try to decompile the application
- [ ] Try reverse engineering
- [ ] Test against the OWASP Web Top 10
- [ ] Test against the OWASP API Top 10
- [ ] Test for DLL hijacking
- [ ] Test signature checks (use Sigcheck)
- [ ] Perform binary analysis (use BinScope)
- [ ] Test for business logic errors
- [ ] Test for TCP/UDP attacks
- [ ] Test with automated scanning tools (use Visual Code Grepper, VCG)

### Shaped by: Hariprasaanth R

**Reach Me: [LinkedIn](https://www.linkedin.com/in/hariprasaanth) [Portfolio](https://hariprasaanth.blogspot.com/) [Github](https://github.com/Hari-prasaanth)**