Thick Client Pentesting

As of Now added references will be adding clear details soon
Thick client applications, called desktop applications, are full-featured computers that are connected to a network. Unlike thin clients, which lack hard drives and other features, thick clients are functional whether they are connected to a network or not.
While a thick client is fully functional without a network connection, it is only a “client” when it is connected to a server. The server may provide the thick client with programs and files that are not stored on the local machine’s hard drive
References
https://payatu.com/blog/farid/Thick-Client-Basic
payatu.com
Thick Client Penetration Testing Methodology
1 Introduction 2 Common Architectures of Thick Client applications 2.1 Two-Ttier architecture 2.2 Three-Tier architecture 3 How to test thick client applications? 3.1 Information Gathering 3.1.1...
www.cyberark.com
An introduction to privileged file operation abuse on Windows - Almond Offensive Security Blog
offsec.almond.consulting
From thick client exploitation to becoming Kubernetes cluster Admin — The story of a fun bug we…
This post is about an issue we found during a recently conducted thick client pentest that allowed us to gain NT Authority\SYSTEM…
blog.appsecco.com
More Thick Client Fun!
I was hired to do a pentest of a thick client in the UK this week and found a load of fun and serious vulnerabilities and as such I…
medium.com
thick client proxying
parsiya.net
summitt/Burp-Non-HTTP-Extension | ★1187
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
jitpack.io
https://owasp.org/www-pdf-archive/Thick_Client_%28In%29Security_-_Neelay_S_Shah_-_Mar_24.pdf
owasp.org
Introduction to Hacking Thick Clients: Part 1 - the GUI
There's more to a thick client's GUI than meets the eye. Often, hidden functionality and data lie just beneath the surface.
blog.netspi.com
Build a TCP proxy in Python (part 1/3)
Today, I thought it might be interesting to start a few posts on how to build a easy and useful TCP proxy in Python. I have used a couple…
medium.com
​
​
​
​
​
Cloud Security
Architecture
Last updated 4 months ago