
Reverse Engineering Thick-clients

Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK. Principal, nControl, LLC; Adjunct Professor. Agenda: Thick-client Overview, Attack Surface, Reverse Engineering Thick-clients.


Presentation Transcript


  1. Reverse Engineering Thick-clients
     • Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK
     • Principal, nControl, LLC
     • Adjunct Professor

  2. Agenda
     • Thick-client Overview
     • Attack Surface
     • Reverse Engineering Thick-clients

  3. Thick-client Overview
     • “Old School”
       • Local Software & Occasional Local Storage
       • Local Software Connecting to Server Software
         • Traditionally Installed Local Software via TCP/IP Sockets
         • Web Delivered Local Software via TCP/IP Sockets
         • Web Delivered Local Software via HTTP/S
     • Alternative to Web/Thin Clients
       • Occasionally More Efficient
       • Allows for Interaction with Local Office Automation Software
       • Allows for Syncing/Batch Uploads for Offline Use

  4. Thick-client Attack Surface
     • Local Software & Local Storage = Local Exposures
       • Rootkits
       • Cache & Registry Corruption
       • Information Disclosure
       • One-off Exposures
       • Access to Office Automation Software Exposures
     • Ignorance is Bliss
       • Assumed Lack of Attack Surface
       • Can Still Proxy Requests
       • Sniffers Can Be Goldmines
       • Overreliance on Data in Transit Crypto Protections
       • Overreliance on Segregation of Duties & Access Controls

  5. Reverse Engineering Thick-clients
     • Tools
       • Decompilers: dotPeek, Reflector, JustDecompile, ILSpy, DILE, PEBrowse, Java Decompile, Mocha & DJ Java Decompiler
       • Profilers: Eclipse – Test & Performance Tools Platform (TPTP), MSVS – MSIL Disassembler (ildasm), YourKit & DTrace
       • Proxies: Burp – Wsdler.jar, BurpJDSer.jar, ZAP & Paros
       • Sniffers: Wireshark
     • Access
       • Binaries
       • Local Files, Storage, & Office Automation Plugins

  6. Example
     • App
       • Java Swing TCP-based Thick-client  AWS EC2 Java 7
       • AWS AMI Linux Distro, Executable JAR on Server & Local MySQL
       • Windows 8.1, Java 7
     • Tools
       • Decompilers: DJ Java Decompiler & Mocha
       • Profilers: YourKit
       • Proxies: Burp – Wsdler.jar, BurpJDSer.jar
       • Sniffers: Wireshark
     • Access
       • Binaries, Local Files, Storage & Office Automation Plugins

  7. Questions?
     • Contact
       • Email: steve@ncontrol-llc.com
       • LinkedIn: http://www.linkedin.com/in/smarkey
       • Twitter: markes1
