
This lecture provides a brief introduction to thick client applications and their architecture.
This lecture describes the software needed for the course.
This lecture shows the step by step installation instructions to set up the environment for the vulnerable application.
This video presents an additional challenge that we need to crack before proceeding with the rest of the course. Students will have to reverse engineer the application and enable a disabled button in order to to be able to configure the vulnerable application.
This lecture provides the step by step procedure to reverse engineer and patch the target application. After cracking this challenge, students can configure the target application to communicate with the database and FTP server.
This lecture provides a brief introduction to information gathering
This lecture provides step by step instructions to install tools required in this module.
This lecture shows a tool called tcpview to determine network connections of the vulnerable app.
This lecture shows an introduction to wireshark
This lecture shows how CFF explorer can be used to identify the PE file details.
This lecture explains how file system changes can be monitored using a utility called process monitor.
This lecture provides a brief introduction to tools needed for traffic analysis of thick client applications.
This lecture provides installation instructions of traffic analysis tools.
This course introduces students to the penetration testing concepts associated with Thick Client Applications. This is an entry level to intermediate level course and we encourage you to take this course if you are interested to learn Thick Client Application Security. This course uses a modified version of vulnerable Thick Client Application called DVTA to demonstrate how thick client application vulnerabilities can be identified and exploited. This course teaches you a variety of Thick Client Application security concepts such as Information Gathering, Traffic Analysis, Reversing & Patching .NET binaries, Insecure Data Storage, Decrypting encrypted secrets, Privilege Escalation etc. This course acts as a great introduction to spotting and exploiting vulnerabilities in windows executables. Though the course focuses on windows executable files specifically C# .NET binaries, the concepts remain the same for executables of any platform.