https://github.com/cybersecurityup/desktop-app-pentest-checklist

README

#### **1. Initial Reconnaissance**
- [ ] Identify the target operating system (Windows, macOS, Linux).
- [ ] Identify the application architecture (32/64-bit).
- [ ] Identify the programming language used (e.g., C++, .NET, Java).
- [ ] List external dependencies (DLLs, libraries, frameworks).
- [ ] Verify permissions and privileges required for execution.
- [ ] Inspect public documentation (user manuals, help files, changelogs).
- [ ] Identify prior versions and known vulnerabilities (CVEs).

#### **2. Reverse Engineering**
##### **Static Analysis**
- [ ] Extract and analyze the main binary.
- [ ] Identify sensitive strings (passwords, API endpoints, tokens, keys) with **strings**; use **Binwalk** to find and carve files embedded in the binary.
- [ ] Identify dependencies (imports, delay-loaded DLLs) with tools like **Dependency Walker** (or its modern rewrite, **Dependencies**) or **Ghidra**.
- [ ] Review build-time mitigations in the PE header: ASLR (DYNAMIC_BASE), DEP (NX_COMPAT), SafeSEH, CFG, /GS stack cookies. A module with DYNAMIC_BASE set but relocations stripped gets no ASLR in practice.
- [ ] Decompile binaries using tools like **IDA Pro**, **Ghidra**, or **dnSpy** (.NET).
- [ ] Extract and analyze embedded resources (icons, images, scripts).
- [ ] Identify critical functions: authentication, access control, encryption.

##### **Dynamic Analysis**
- [ ] Debug the application at runtime using tools like **x64dbg**, **WinDbg**, or **OllyDbg** (32-bit targets only).
- [ ] Observe control flows (critical functions, loops, system calls).
- [ ] Monitor network traffic with **Wireshark** or **Fiddler**.
- [ ] Map runtime events (file access, memory usage, registry keys) with **Process Monitor**.

#### **3. Vulnerability Testing**
##### **Input Validation**
- [ ] Test input fields with long strings under a debugger to identify buffer overflows (a crash or corrupted return address is the signal, not an error dialog).
- [ ] Check how the application handles unexpected inputs (e.g., special characters, invalid encodings, format specifiers such as %s or %n).
- [ ] Perform fuzzing on input fields and file parsers using tools like **Peach**, **AFL**, or **WinAFL** for Windows binaries.
- [ ] Test for command injection in fields whose values reach system commands (CreateProcess, system(), ShellExecute).
- [ ] Test for SQL injection in forms or embedded database queries (e.g., a bundled SQLite database).

##### **File Handling**
- [ ] Verify if the application validates file names (path traversal).
- [ ] Drop crafted files into directories the application watches or loads from (plugin, import, and auto-load folders).
- [ ] Modify configuration files and observe behavior changes.
- [ ] Test corrupted or malformed files.

##### **Memory Security**
- [ ] Inspect sensitive data left in memory (passwords, API keys, session tokens) after use; check whether it is zeroed or stays resident.
- [ ] Dump the process (**ProcDump**, Task Manager, or ReadProcessMemory) and search the dump; use **Volatility** for full memory images and **Mimikatz** for credential material cached by Windows itself (LSASS), not the application's own secrets.
- [ ] Verify protection against buffer overflow (stack canaries, DEP, ASLR) on the main binary and on every DLL it loads; one unprotected third-party DLL is enough for an attacker.

##### **Authentication and Authorization**
- [ ] Check if credentials are stored locally (plaintext config files, registry values, DPAPI blobs, Windows Credential Manager) and how they are protected.
- [ ] Verify session persistence mechanisms (cookies, tokens) and where they are cached on disk.
- [ ] Attempt to bypass authentication checks by patching the comparison or conditional jump found during reverse engineering.
- [ ] Test privilege escalation locally (services, scheduled tasks, or helper binaries the application installs).

#### **4. Network and Communication**
- [ ] Capture traffic generated by the application with **Wireshark** or **tcpdump**.
- [ ] Inspect API or remote service communication with **Burp Suite**.
- [ ] Verify encrypted communication: TLS 1.2 or later only, certificate chain and hostname validation, and whether certificate pinning is used.
- [ ] Test for sensitive data interception via an intercepting proxy (**Burp Suite**): if the client accepts the proxy's certificate, validation is missing.
- [ ] Identify hidden endpoints and exposed routes.

#### **5. Security Bypass**
- [ ] Test for anti-debugging mechanisms.
- [ ] Bypass signed DLL validation checks.
- [ ] Verify code obfuscation and attempt to deobfuscate.
- [ ] Inspect and disable checksum verifications in binaries.

#### **6. Persistence (Local Data Storage)**
- [ ] Analyze temporary files and logs created by the application.
- [ ] Verify registry key usage for storing data on Windows.
- [ ] Identify sensitive data in local or persistent storage.

#### **7. Privilege Escalation**
- [ ] Test application behavior when run as an administrator.
- [ ] Verify file and directory permissions used by the application.
- [ ] Exploit misconfigurations, such as writable files in protected directories.
- [ ] Test DLL search-order hijacking (writable directories on the load path) and process injection.

#### **8. Advanced Exploitation**
- [ ] Create custom payloads to exploit identified vulnerabilities.
- [ ] Inject shellcode into application memory.
- [ ] Explore malicious DLL injection techniques.
- [ ] Investigate interdependent processes with **ProcMon** and **Process Explorer**.

#### **9. System Protections**
- [ ] Verify ASLR, DEP, and other protections in the executable.
- [ ] Test the effectiveness of digital signatures and integrity checks.
- [ ] Identify sandboxing or security containerization mechanisms.
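
The ASLR, DEP, SafeSEH and CFG items in sections 2, 3 and 9 all come down to a few PE header fields. The script below is an added example (not code from the checklist repository): it parses the optional header in pure Python, so it runs on any OS, and reports whether DYNAMIC_BASE is actually effective (relocations not stripped), whether NX_COMPAT and GUARD_CF are set, and whether a Load Config directory exists, which is where the SafeSEH handler table and the CFG function table live. The filename `pe_mitigations.py` and the `build_header_only_pe` helper, which constructs a header-only sample for demonstration, are assumptions; the sample is not a loadable executable.

```python
"""Read exploit-mitigation flags from a PE header (ASLR, DEP, CFG, SafeSEH).

Added example for the checklist, not code from the repository. Pure Python:
    python pe_mitigations.py C:\\path\\to\\target.exe
"""
import struct
import sys

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
DLL_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit images: high-entropy ASLR
    "DYNAMIC_BASE":    0x0040,  # ASLR opt-in
    "FORCE_INTEGRITY": 0x0080,  # signature enforced at load time
    "NX_COMPAT":       0x0100,  # DEP opt-in
    "NO_SEH":          0x0400,  # image contains no SEH handlers
    "APPCONTAINER":    0x1000,
    "GUARD_CF":        0x4000,  # Control Flow Guard
}
IMAGE_FILE_RELOCS_STRIPPED = 0x0001         # IMAGE_FILE_HEADER.Characteristics
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10      # holds the SafeSEH and CFG tables
IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64 = 0x14C, 0x8664


def check_protections(data: bytes) -> dict:
    """Return mitigation findings for a PE image supplied as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]                # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, _, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                                # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                               # PE32
        is64, dirs_off = False, 96
    elif magic == 0x20B:                                             # PE32+
        is64, dirs_off = True, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at optional-header offset 70 in both PE32 and PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    flags = {name: bool(dll_chars & bit) for name, bit in DLL_FLAGS.items()}

    # NumberOfRvaAndSizes immediately precedes the data directory array
    ndirs = struct.unpack_from("<I", data, opt + dirs_off - 4)[0]
    load_cfg_rva = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG and opt_size >= dirs_off + 8 * (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG + 1):
        load_cfg_rva = struct.unpack_from("<I", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)[0]

    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "machine": machine,
        "is64": is64,
        "flags": flags,
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE without relocations: the loader cannot move the image,
        # so the module lands at its preferred base and ASLR is ineffective.
        "aslr_effective": flags["DYNAMIC_BASE"] and not relocs_stripped,
        "dep": flags["NX_COMPAT"],
        # GUARD_CF only means something if a Load Config directory carries the CFG table
        "cfg": flags["GUARD_CF"] and load_cfg_rva != 0,
        # SafeSEH is x86 only and its handler table lives in Load Config: an x86
        # image that allows SEH but has no Load Config cannot be SafeSEH-protected.
        "safeseh_possible": (not is64) and (flags["NO_SEH"] or load_cfg_rva != 0),
        "has_load_config": load_cfg_rva != 0,
    }


def build_header_only_pe(is64: bool, dll_chars: int, file_chars: int = 0, load_cfg_rva: int = 0) -> bytes:
    """CONSTRUCTED sample for demonstration: a header-only image, not loadable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                # e_lfanew = 64
    machine = IMAGE_FILE_MACHINE_AMD64 if is64 else IMAGE_FILE_MACHINE_I386
    dirs_off = 112 if is64 else 96
    opt_size = dirs_off + 16 * 8                                     # 16 data directories
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is64 else 0x10B)
    struct.pack_into("<H", opt, 68, 2)                               # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dirs_off - 4, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
                     load_cfg_rva, 0x40 if load_cfg_rva else 0)
    return dos + b"PE\0\0" + coff + bytes(opt)


def report(data: bytes) -> list:
    """One line per mitigation, worded for a checklist tick."""
    r = check_protections(data)
    lines = [f"arch: {'x64' if r['is64'] else 'x86'}",
             f"ASLR: {'yes' if r['aslr_effective'] else 'NO'}"
             + (" (DYNAMIC_BASE set but relocations stripped)"
                if r["flags"]["DYNAMIC_BASE"] and r["relocs_stripped"] else ""),
             f"DEP: {'yes' if r['dep'] else 'NO'}",
             f"CFG: {'yes' if r['cfg'] else 'NO'}"]
    if r["is64"]:
        lines.append(f"high-entropy ASLR: {'yes' if r['flags']['HIGH_ENTROPY_VA'] else 'NO'}")
    else:
        lines.append(f"SafeSEH/NO_SEH: {'possible' if r['safeseh_possible'] else 'NO (SEH allowed, no Load Config)'}")
    return lines


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print("\n".join(report(f.read())))
```

Run it over the main executable and every DLL shipped with it (including third-party ones), since the loader applies these flags per module. A confirmed SafeSEH verdict needs the SEHandlerTable entry inside the Load Config structure, which this script only locates; `dumpbin /loadconfig` or a PE parser that resolves RVAs gives the final answer.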

## Windows API for Desktop Application Pentesting

### 1. Interception and Manipulation of Input and Output

#### Relevant APIs
- `ReadProcessMemory` and `WriteProcessMemory`: To read or modify data directly in the application's memory.
- `SetWindowsHookEx`: To intercept keyboard or mouse inputs.

#### Example Usage
- Use `SetWindowsHookEx` (for example with `WH_KEYBOARD_LL`) to capture keyboard events; to simulate interaction, synthesize keystrokes and mouse events with `SendInput`.
- Use `ReadProcessMemory` to access data in memory, such as authentication information or sensitive data.
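
As an added example of the `ReadProcessMemory` use described above (not code from the checklist repository), the script below walks a target process with `VirtualQueryEx`, reads every committed readable region and searches it for a value the tester just typed into the application, in both its 8-bit and UTF-16LE forms, because Win32 edit controls and most .NET strings keep text as UTF-16. It is Windows-only and takes a PID; the Win32 bindings are resolved inside the function so the file still imports elsewhere, where only `scan_buffer` is usable. The filename `memscan.py` is an assumption.

```python
"""Sweep a live process for a secret with VirtualQueryEx + ReadProcessMemory.

Added example for the checklist, not code from the repository. Windows only;
run as the user who owns the target, or from an elevated prompt. A 32-bit
Python cannot see above 4 GB in a 64-bit target, so match bitness.
Usage: python memscan.py <pid> <secret>
"""
import ctypes
import sys

PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010
MEM_COMMIT = 0x1000
PAGE_NOACCESS = 0x01
PAGE_GUARD = 0x100
DWORD = ctypes.c_uint32      # DWORD is always 32-bit; c_ulong is 8 bytes on Linux


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # Field order as in winnt.h. The 64-bit PartitionId WORD falls inside the
    # alignment padding before RegionSize, so omitting it keeps the layout right.
    _fields_ = [("BaseAddress", ctypes.c_void_p),
                ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", DWORD),
                ("RegionSize", ctypes.c_size_t),
                ("State", DWORD),
                ("Protect", DWORD),
                ("Type", DWORD)]


def scan_buffer(buf: bytes, secret: str) -> list:
    """Offsets of `secret` in buf as sorted (offset, encoding) pairs.

    Both encodings are checked: a password typed into an edit box shows up as
    b'h\\x00u\\x00n\\x00t\\x00e\\x00r\\x00', not b'hunter'.
    """
    hits = []
    for label, needle in (("utf8", secret.encode("utf-8")),
                          ("utf16", secret.encode("utf-16-le"))):
        pos = buf.find(needle)
        while pos != -1:
            hits.append((pos, label))
            pos = buf.find(needle, pos + 1)
    return sorted(hits)


def read_regions(pid: int):
    """Yield (base_address, bytes) for every committed, readable region of pid."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)            # Windows only
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [DWORD, ctypes.c_int, DWORD]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t]
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]

    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        raise OSError(ctypes.get_last_error(), "OpenProcess failed; check privileges and bitness")
    try:
        mbi = MEMORY_BASIC_INFORMATION()
        addr = 0
        while k32.VirtualQueryEx(h, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0           # ctypes returns None for a NULL pointer
            if mbi.State == MEM_COMMIT and not mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD):
                buf = ctypes.create_string_buffer(mbi.RegionSize)
                got = ctypes.c_size_t()
                # Partial reads happen when pages are decommitted mid-call; keep what came back
                if k32.ReadProcessMemory(h, base, buf, mbi.RegionSize, ctypes.byref(got)):
                    yield base, buf.raw[:got.value]
            addr = base + mbi.RegionSize
    finally:
        k32.CloseHandle(h)


def find_in_process(pid: int, secret: str) -> list:
    """Absolute addresses at which `secret` appears in the target, with encoding."""
    return [(base + off, enc) for base, data in read_regions(pid)
            for off, enc in scan_buffer(data, secret)]


if __name__ == "__main__":
    for address, enc in find_in_process(int(sys.argv[1]), sys.argv[2]):
        print(f"{address:#018x}  {enc}")
```

Run it once right after entering the secret and again after logging out or closing the dialog: hits that survive the second run are copies the application never cleared. A value that straddles two regions is missed, since each region is searched on its own.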

---

### 2. Automating Interactions with the Application

#### Relevant APIs
- `SendMessage` and `PostMessage`: To send events to the application's interface.
- `FindWindow` and `FindWindowEx`: To locate specific windows or controls.
- `EnumWindows`: To enumerate all open windows and locate the target application.

#### Example Usage
- Use `FindWindow` to identify the application's main window.
- Send `WM_SETTEXT` to the edit controls with `SendMessage` to fill out login fields, then `BM_CLICK` to the submit button.

---

### 3. Process Manipulation

#### Relevant APIs
- `CreateToolhelp32Snapshot`, `Process32First`, and `Process32Next`: To enumerate running processes.
- `OpenProcess`: To open a process with specific permissions.
- `TerminateProcess`: To terminate processes.

#### Example Usage
- Enumerate running processes to locate processes related to the application.
- Use `OpenProcess` with only the rights the step needs (`PROCESS_VM_READ` to read, `PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE` to inject) to access information or inject code into the application's process.
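
As an added example for this section (not code from the checklist repository), the script below takes a Toolhelp snapshot with `CreateToolhelp32Snapshot`/`Process32FirstW`/`Process32NextW`, rebuilds the process tree from the parent PIDs so the helper processes an application spawns are visible, and opens each match with `OpenProcess` to read its full image path. It is Windows-only except `build_tree` and `descendants`, which work on any `(pid, ppid, name)` list; the filename `proctree.py` is an assumption.

```python
"""Enumerate processes with a Toolhelp snapshot, show the target's children and
read each match's image path.

Added example for the checklist, not code from the repository. Windows only
except build_tree()/descendants(). Usage: python proctree.py <image name>
"""
import ctypes
import sys

TH32CS_SNAPPROCESS = 0x0002
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough for the image path, granted on most processes
DWORD = ctypes.c_uint32


class PROCESSENTRY32W(ctypes.Structure):
    _fields_ = [("dwSize", DWORD), ("cntUsage", DWORD), ("th32ProcessID", DWORD),
                ("th32DefaultHeapID", ctypes.c_size_t), ("th32ModuleID", DWORD),
                ("cntThreads", DWORD), ("th32ParentProcessID", DWORD),
                ("pcPriClassBase", ctypes.c_int32), ("dwFlags", DWORD),
                ("szExeFile", ctypes.c_wchar * 260)]


def build_tree(entries: list) -> dict:
    """Map each pid to its direct children from (pid, ppid, name) tuples.

    Toolhelp reports the parent pid recorded at creation time. If that parent
    has exited, the pid may since have been reused by an unrelated process, so
    treat a surprising parent as a lead to confirm with Process Explorer.
    """
    children = {pid: [] for pid, _, _ in entries}
    for pid, ppid, name in entries:
        children.setdefault(ppid, []).append((pid, name))
    return children


def descendants(tree: dict, root: int) -> list:
    """All (pid, name) pairs below root, depth-first: the helpers the app spawned."""
    out, stack = [], list(tree.get(root, []))
    while stack:
        pid, name = stack.pop()
        out.append((pid, name))
        stack.extend(tree.get(pid, []))
    return out


def snapshot() -> list:
    """(pid, ppid, exe name) for every process visible to the caller."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)           # Windows only
    k32.CreateToolhelp32Snapshot.restype = ctypes.c_void_p
    k32.CreateToolhelp32Snapshot.argtypes = [DWORD, DWORD]
    for fn in (k32.Process32FirstW, k32.Process32NextW):
        fn.argtypes = [ctypes.c_void_p, ctypes.POINTER(PROCESSENTRY32W)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    if snap in (None, ctypes.c_void_p(-1).value):                 # INVALID_HANDLE_VALUE
        raise OSError(ctypes.get_last_error(), "CreateToolhelp32Snapshot failed")
    entry = PROCESSENTRY32W()
    entry.dwSize = ctypes.sizeof(entry)      # must be set or Process32FirstW fails
    rows = []
    try:
        ok = k32.Process32FirstW(snap, ctypes.byref(entry))
        while ok:
            rows.append((entry.th32ProcessID, entry.th32ParentProcessID, entry.szExeFile))
            ok = k32.Process32NextW(snap, ctypes.byref(entry))
    finally:
        k32.CloseHandle(snap)
    return rows


def image_path(pid: int) -> str:
    """Full image path via OpenProcess + QueryFullProcessImageNameW."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)           # Windows only
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [DWORD, ctypes.c_int, DWORD]
    k32.QueryFullProcessImageNameW.argtypes = [ctypes.c_void_p, DWORD, ctypes.c_void_p, ctypes.POINTER(DWORD)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    h = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not h:
        return "<access denied>"
    try:
        buf, size = ctypes.create_unicode_buffer(32768), DWORD(32768)
        return buf.value if k32.QueryFullProcessImageNameW(h, 0, buf, ctypes.byref(size)) else "<unknown>"
    finally:
        k32.CloseHandle(h)


if __name__ == "__main__":
    rows = snapshot()
    tree = build_tree(rows)
    for pid, ppid, name in rows:
        if name.lower() == sys.argv[1].lower():
            print(f"{name} pid={pid} parent={ppid} path={image_path(pid)}")
            for child_pid, child_name in descendants(tree, pid):
                print(f"    child pid={child_pid} {child_name}")
```

The child list is the starting point for the "interdependent processes" item in section 8: a broker, updater or helper running with different privileges than the main window is the usual place where an IPC or permission flaw sits. The constructed rows in the test are a made-up process list, not a capture.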

---

### 4. Reverse Engineering

#### Relevant APIs
- `VirtualProtectEx`: To modify memory permissions, allowing changes to executing code.
- `CreateRemoteThread`: To inject threads into the application's processes.
- `LoadLibrary`: Loads a DLL into the calling process. To load one into another process, write the DLL path into that process and start a thread there with `CreateRemoteThread` whose start routine is `LoadLibraryW` and whose argument is the path.

#### Example Usage
- Inject a custom DLL into the application to intercept critical functions.
- Use `VirtualProtectEx` to alter memory protection and modify the behavior of sensitive functions.

---

### 5. Resource Monitoring

#### Relevant APIs
- `GetFileAttributes`, `ReadFile`, and `ReadDirectoryChangesW`: To read files used by the application and to watch a directory for the files it creates or modifies at runtime.
- `RegOpenKeyEx` and `RegQueryValueEx`: To inspect registry keys used by the application.

#### Example Usage
- Monitor configuration files or logs generated by the application to identify security flaws.
- Examine the Windows registry for configuration or credential information.

---

### 6. Vulnerability Detection

#### Relevant APIs
- `HeapWalk` and `HeapAlloc`: To walk and allocate on a heap of the calling process (for example from an injected DLL); from outside the process, use the Toolhelp `Heap32ListFirst`/`Heap32First` functions.
- `DeviceIoControl`: To interact with drivers and check if the application makes insecure device calls.

#### Example Usage
- Explore memory allocation flaws (e.g., buffer overflows).
- Test device control functions to identify improper permissions.

---

### 7. Debugging Instrumentation

#### Relevant APIs
- `DebugActiveProcess` and `DebugActiveProcessStop`: To attach a debugger to the application and detach again.
- `WaitForDebugEvent` and `ContinueDebugEvent`: To receive each event (process and thread creation, DLL load, exception) and resume the target; every event must be continued or the target stays suspended.

#### Example Usage
- Use a debugger to inspect the application's execution flow in real-time.
- Identify critical parts of the code that can be exploited.

---

### Tools and Recommended Languages

#### Languages
- **C/C++**: For direct access to Windows APIs.
- **Python**: Using libraries like `ctypes` or `pywin32`.

#### Tools
- **x64dbg** or **OllyDbg** (32-bit only): For debugging and memory analysis.
- **Process Monitor** and **Process Explorer**: For monitoring processes and system events.