# Thick Client Pentesting Checklist

**OWASP Based Checklist by** [Hariprasaanth R](https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist)

Also available on [Notion](https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0)

#### **INFORMATION GATHERING**

**Information Gathering**

* [ ] Find out the application architecture (two-tier or three-tier)
* [ ] Find out the technologies used (languages and frameworks)
* [ ] Identify network communication
* [ ] Observe the application process
* [ ] Observe each functionality and behavior of the application
* [ ] Identify all the entry points
* [ ] Analyze the security mechanisms (authentication and authorization)

**Tools Used**

* [ ] CFF Explorer
* [ ] Sysinternals Suite
* [ ] Wireshark
* [ ] PEiD
* [ ] Detect It Easy (DIE)
* [ ] Strings

#### **GUI TESTING**

**Test For GUI Object Permission**

* [ ] Display hidden form object
* [ ] Try to activate disabled functionalities
* [ ] Try to uncover the masked password

**Test GUI Content**

* [ ] Look for sensitive information

**Test For GUI Logic**

* [ ] Test for access control and injection-based vulnerabilities
* [ ] Bypass controls by utilizing intended GUI functionality
* [ ] Check for improper error handling
* [ ] Check for weak input sanitization
* [ ] Try privilege escalation (unlocking admin features for normal users)
* [ ] Try payment manipulation

**Tools Used**

* [ ] UISpy
* [ ] WinSpy++
* [ ] Window Detective
* [ ] Snoop WPF

#### **FILE TESTING**

**Test For Files Permission**

* [ ] Check permission for each and every file and folder

**Test For File Integrity**

* [ ] Check strong naming
* [ ] Verify code signing

**Test For File Content Debugging**

* [ ] Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
* [ ] Look for sensitive information on the config file
* [ ] Look for hard-coded encryption keys and other cryptographic material
* [ ] Look for clear-text storage of sensitive data
* [ ] Look for side-channel data leakage
* [ ] Look for unreliable logging

**Test For File And Content Manipulation**

* [ ] Try framework backdooring
* [ ] Try DLL preloading
* [ ] Check for race conditions
* [ ] Test for Files and content replacement
* [ ] Test for Client-side protection bypass using reverse engineering
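The file-permission check above and the DLL preloading / file replacement items in this list come down to one question: can a low-privilege user write into a directory or file the application loads from? Below is an added example (not part of the original checklist) that answers it offline from the SDDL string of each object, which you can collect on the target with PowerShell's `(Get-Acl $path).Sddl` (or `icacls <dir> /save acl.txt /t`). The paths and ACLs in `SAMPLE_ACLS` are constructed, and `ExampleApp` is a hypothetical install. It subtracts same-principal deny ACEs before deciding, so a read-only grant that is narrowed by a deny is not reported.

```python
import re

# SDDL access-right codes -> access-mask bits (file-object meaning in the comments)
RIGHT_BITS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,   # READ_DATA .. EXECUTE
    "DT": 0x40, "LO": 0x80, "CR": 0x100,                                   # DELETE_CHILD, READ/WRITE_ATTRIBUTES
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,            # DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,       # FILE_ALL / GENERIC_READ / WRITE / EXECUTE
}
# Bits that let a principal change, replace or delete a file, or add to a directory
WRITE_BITS = {
    0x2: "FILE_WRITE_DATA/ADD_FILE", 0x4: "FILE_APPEND_DATA/ADD_SUBDIRECTORY",
    0x40: "FILE_DELETE_CHILD", 0x10000: "DELETE",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
    0x40000000: "GENERIC_WRITE", 0x10000000: "GENERIC_ALL",
}
# Principals every interactive user holds; a write grant here makes the object attacker-controlled
LOW_PRIV = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "BU": r"BUILTIN\Users", "S-1-5-32-545": r"BUILTIN\Users",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
}

# Constructed sample: what (Get-Acl $path).Sddl would return for a hypothetical install
SAMPLE_ACLS = {
    r"C:\Program Files\ExampleApp\app.exe":
        "O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)",
    r"C:\Program Files\ExampleApp\plugins":
        "O:BAG:SYD:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;0x1301bf;;;AU)",
    r"C:\ProgramData\ExampleApp\logs":
        "O:BAG:SYD:(A;OICI;GA;;;WD)(A;OICI;FA;;;BA)",
    r"C:\ProgramData\ExampleApp\config.xml":
        "O:BAG:SYD:(D;;FW;;;WD)(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1201bf;;;WD)",
}


def parse_rights(field: str) -> int:
    """Rights field is either a hex mask or a run of two-letter SDDL codes."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    return sum(RIGHT_BITS[field[i:i + 2]] for i in range(0, len(field), 2))


def parse_dacl(sddl: str) -> list:
    """Return (ace_type, flags, access_mask, sid) for every ACE in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) < 6:               # malformed ACE string
            continue
        ace_type, flags, rights, _obj, _inherit, sid = fields[:6]   # a 7th field would be a conditional expression
        aces.append((ace_type, flags, parse_rights(rights), sid))
    return aces


def writable_by_low_priv(acls: dict) -> list:
    """For each path -> SDDL, report allow ACEs that leave a low-privilege principal with
    write rights after same-principal deny ACEs are subtracted."""
    findings = []
    for path, sddl in acls.items():
        aces = parse_dacl(sddl)
        denied = {}
        for ace_type, _flags, mask, sid in aces:
            if ace_type == "D":
                denied[sid] = denied.get(sid, 0) | mask
        for ace_type, flags, mask, sid in aces:
            if ace_type != "A" or sid not in LOW_PRIV:
                continue
            effective = mask & ~denied.get(sid, 0)
            rights = [name for bit, name in WRITE_BITS.items() if effective & bit]
            if rights:
                flag_codes = {flags[i:i + 2] for i in range(0, len(flags), 2)}
                findings.append({"path": path, "principal": LOW_PRIV[sid],
                                 "rights": rights, "inherited": "ID" in flag_codes})
    return findings


if __name__ == "__main__":
    for f in writable_by_low_priv(SAMPLE_ACLS):
        tag = "inherited" if f["inherited"] else "explicit"
        print(f"[{tag}] {f['path']}: {f['principal']} -> {', '.join(f['rights'])}")
```

In the sample, `plugins` (modify for Authenticated Users) and `logs` (GENERIC_ALL for Everyone) are reported; `app.exe` is read/execute only, and `config.xml` is not reported because the deny of `FW` strips every write bit from Everyone's allow ACE. A writable directory on the application's DLL search path is what turns the DLL preloading item into a finding.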

**Test For Exported Functions**

* [ ] Try to find the exported functions
* [ ] Try to use the exported functions without authentication

**Test For Public Methods**

* [ ] Make a wrapper to gain access to public methods without authentication

**Test For Decompile And Application Rebuild**

* [ ] Try to recover the original source code, passwords, keys
* [ ] Try to decompile the application
* [ ] Try to rebuild the application
* [ ] Try to patch the application

**Test For Decryption And Deobfuscation**

* [ ] Try to recover original source code
* [ ] Try to retrieve passwords and keys
* [ ] Test for lack of obfuscation

**Test For Disassemble and Reassemble**

* [ ] Try to build a patched assembly

**Tools Used**

* [ ] Strings
* [ ] dnSpy
* [ ] Procmon
* [ ] Process Explorer
* [ ] Process Hacker

#### **REGISTRY TESTING**

**Test For Registry Permissions**

* [ ] Check read access to the registry keys
* [ ] Check write access to the registry keys

**Test For Registry Contents**

* [ ] Inspect the registry contents
* [ ] Check for sensitive info stored on the registry
* [ ] Compare the registry before and after executing the application

**Test For Registry Manipulation**

* [ ] Try registry manipulation
* [ ] Try to bypass authentication by registry manipulation
* [ ] Try to bypass authorization by registry manipulation

**Tools Used**

* [ ] Regshot
* [ ] Procmon
* [ ] AccessEnum

#### **NETWORK TESTING**

**Test For Network**

* [ ] Check for sensitive data in transit
* [ ] Try to bypass firewall rules
* [ ] Try to manipulate network traffic

**Tools Used**

* [ ] Wireshark
* [ ] TCPView

#### **ASSEMBLY TESTING**

**Test For Assembly**

* [ ] Verify Address Space Layout Randomization (ASLR)
* [ ] Verify SafeSEH
* [ ] Verify Data Execution Prevention (DEP)
* [ ] Verify strong naming
* [ ] Verify Control Flow Guard (CFG)
* [ ] Verify High Entropy VA (64-bit ASLR)
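Most of the items above are single bits in the PE optional header's `DllCharacteristics` field, which is what PESecurity reads. The added example below (not the checklist's own tooling) parses those headers directly so the checks can be run, or scripted over a whole install directory, without extra dependencies. `build_test_image` constructs header-only images for offline testing; they are not loadable binaries. Strong naming and Authenticode are not header bits and are out of scope here (use `sn -v`, `signtool verify` or `Get-AuthenticodeSignature` for those), and SafeSEH on 32-bit images needs the `SEHandlerTable` in the load-config directory, which this parser only points at.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR over the full address space
DYNAMIC_BASE    = 0x0040   # image may be relocated (ASLR opt-in)
NX_COMPAT       = 0x0100   # DEP/NX compatible
NO_SEH          = 0x0400   # image declares that it uses no SEH handlers
GUARD_CF        = 0x4000   # Control Flow Guard instrumented
# IMAGE_FILE_* characteristics and machine types
RELOCS_STRIPPED = 0x0001   # no relocations: the loader cannot move the image even if DYNAMIC_BASE is set
MACHINE_I386    = 0x014C
MACHINE_AMD64   = 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def check_mitigations(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image and report its
    compile-time mitigations."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    is_64 = magic == PE32PLUS_MAGIC
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]

    dynamic_base = bool(dllchars & DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & RELOCS_STRIPPED)
    if is_64:
        safeseh = "n/a (64-bit images use table-based unwinding)"
    elif dllchars & NO_SEH:
        safeseh = "n/a (NO_SEH: image declares no SEH handlers)"
    else:
        safeseh = "unknown: inspect SEHandlerTable in IMAGE_LOAD_CONFIG_DIRECTORY"
    return {
        "machine": "x64" if machine == MACHINE_AMD64 else ("x86" if machine == MACHINE_I386 else hex(machine)),
        "is_64bit": is_64,
        "relocs_stripped": relocs_stripped,
        "aslr": dynamic_base and not relocs_stripped,       # DYNAMIC_BASE alone is not enough
        "high_entropy_va": is_64 and dynamic_base and bool(dllchars & HIGH_ENTROPY_VA),
        "dep": bool(dllchars & NX_COMPAT),
        "cfg": bool(dllchars & GUARD_CF),
        "safeseh": safeseh,
    }


def missing_mitigations(report: dict) -> list:
    """Names of the boolean mitigations that are off, in checklist order."""
    wanted = ["aslr", "dep", "cfg"] + (["high_entropy_va"] if report["is_64bit"] else [])
    return [name for name in wanted if not report[name]]


def check_file(path: str) -> dict:
    with open(path, "rb") as f:
        return check_mitigations(f.read())


def build_test_image(machine: int, characteristics: int, dllchars: int) -> bytes:
    """Constructed header-only PE (not loadable) so the parser can be exercised offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    is_64 = machine == MACHINE_AMD64
    opt_size = 240 if is_64 else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = struct.pack("<H", PE32PLUS_MAGIC if is_64 else PE32_MAGIC) + b"\0" * 68
    opt += struct.pack("<H", dllchars)
    opt += b"\0" * (opt_size - len(opt))
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        report = check_file(sys.argv[1])
    else:   # no path given: run on a constructed 32-bit image with relocations stripped
        report = check_mitigations(build_test_image(MACHINE_I386, 0x0102 | RELOCS_STRIPPED, DYNAMIC_BASE))
    for key, value in report.items():
        print(f"{key:16} {value}")
    print("missing:", ", ".join(missing_mitigations(report)) or "none")
```

The `aslr` result is deliberately stricter than a plain flag read: a build that sets `DYNAMIC_BASE` but links with `/FIXED` (relocations stripped) still loads at its preferred base, which is the case that a naive check would pass.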

**Tools Used**

* [ ] PESecurity

#### **MEMORY TESTING**

**Test For Memory Content**

* [ ] Check for sensitive data stored in memory
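The usual mistake when checking memory for sensitive data is to run `strings` over a process dump and stop there: .NET and Java applications keep their strings as UTF-16LE, so a password in a managed `string` never shows up as an ASCII run. The added example below (not part of the original checklist) scans a dump for credential markers in both encodings and recovers the whole string around each hit. `SAMPLE_DUMP` is a constructed stand-in for a dump taken with Process Hacker, Task Manager or `procdump -ma`; pass a real dump path as the first argument to scan it instead.

```python
import re

# Constructed sample of a process memory region: a .NET connection string stored as UTF-16LE,
# surrounded by binary noise, plus a C-style ASCII credential string
SAMPLE_DUMP = (
    b"\x00" * 16
    + bytes(range(0x80, 0x90))                                          # non-printable noise
    + "Server=db01;User Id=app;Password=Hunter2;".encode("utf-16-le")    # managed (UTF-16LE) string
    + b"\x00" * 8
    + b"user=alice&passwd=S3cret!"                                       # ASCII string
    + b"\x00\xff\xfe"
)

# Substrings that usually sit next to a secret; matched case-insensitively in both encodings
MARKERS = [b"password", b"passwd", b"pwd", b"secret", b"token", b"apikey", b"connectionstring"]
PRINTABLE = frozenset(range(0x20, 0x7F))


def ascii_strings(buf: bytes, min_len: int = 4) -> list:
    """What a plain `strings` run reports: printable-ASCII runs of at least min_len bytes."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf)]


def _ascii_run(buf: bytes, pos: int):
    """Expand from pos over the surrounding printable-ASCII run; return (start, text)."""
    start, end = pos, pos
    while start > 0 and buf[start - 1] in PRINTABLE:
        start -= 1
    while end < len(buf) and buf[end] in PRINTABLE:
        end += 1
    return start, buf[start:end].decode("ascii")


def _utf16_run(buf: bytes, pos: int):
    """Same for UTF-16LE, where a printable code unit is <printable byte><0x00>."""
    start, end = pos, pos
    while start >= 2 and buf[start - 2] in PRINTABLE and buf[start - 1] == 0:
        start -= 2
    while end + 1 < len(buf) and buf[end] in PRINTABLE and buf[end + 1] == 0:
        end += 2
    return start, buf[start:end].decode("utf-16-le")


def scan_for_secrets(dump: bytes) -> list:
    """Find marker hits in both encodings and return the full string each belongs to, as
    dicts {offset, encoding, text} sorted by offset, one entry per distinct string."""
    hits = {}
    for marker in MARKERS:
        needles = (("ascii", marker, _ascii_run),
                   ("utf-16le", marker.decode().encode("utf-16-le"), _utf16_run))
        for encoding, needle, expand in needles:
            for m in re.finditer(re.escape(needle), dump, re.IGNORECASE):
                start, text = expand(dump, m.start())
                hits[(start, encoding)] = {"offset": start, "encoding": encoding, "text": text}
    return sorted(hits.values(), key=lambda h: h["offset"])


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    print("plain ASCII strings:", ascii_strings(data))
    for hit in scan_for_secrets(data):
        print(f"0x{hit['offset']:08x} {hit['encoding']:8} {hit['text']}")
```

On the sample, `ascii_strings` returns only the C-style credential, while `scan_for_secrets` also recovers the UTF-16LE connection string with its password. Finding a secret this way is the positive result for this item; the follow-up question for the report is whether the application ever clears it (for example with `SecureString` or an explicit zeroing) or leaves it resident for the lifetime of the process.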

**Test For Memory Manipulation**

* [ ] Try memory manipulation
* [ ] Try to bypass authentication by memory manipulation
* [ ] Try to bypass authorization by memory manipulation

**Test For Run Time Manipulation**

* [ ] Try to analyze the dump file
* [ ] Check for process replacement
* [ ] Check for modifying assembly in the memory
* [ ] Try to debug the application
* [ ] Try to identify dangerous functions
* [ ] Use breakpoints to test each and every functionality

**Tools Used**

* [ ] Process Hacker
* [ ] HxD
* [ ] Strings

#### **TRAFFIC TESTING**

**Test For Traffic**

* [ ] Analyze the flow of network traffic
* [ ] Try to find sensitive data in transit

**Tools Used**

* [ ] Echo Mirage
* [ ] MITM Relay
* [ ] Burp Suite

#### **COMMON VULNERABILITIES TESTING**

**Test For Common Vulnerabilities**

* [ ] Try to decompile the application
* [ ] Try reverse engineering
* [ ] Test against the OWASP Web Top 10
* [ ] Test against the OWASP API Top 10
* [ ] Test for DLL Hijacking
* [ ] Test for signature checks (Use Sigcheck)
* [ ] Test for binary analysis (Use BinScope)
* [ ] Test for business logic errors
* [ ] Test for TCP/UDP attacks
* [ ] Test with automated scanning tools (Use Visual Code Grepper - VCG)
