title: Fat-Client Audit Checklist
date: 2021-01-13
categories: [checklists]
tags: [fatclient, audit]
Fat-Client Audit Checklist
Cryptography: Authentication & Encryption
Implementation
Business Logic
Configuration
Useful Tools
- Disassembler: IDA Pro, Cutter, Ghidra, dnSpy, ...
- Debugger: r2, x64, ...
- Proxy: Burp Suite, CANAPE, Postman (APIs)
- Sysinternals: Process Explorer, Process Monitor, strings, ...
- API Monitor
- Frida (+ Fermion GUI)
Further Tips/Hints:
- Procmon for president:
  - Check for network endpoints (disable DNS resolving)
  - Check loaded configuration files
  - Check if files are loaded from shares
  - Check for missing DLLs for DLL Load Order Hijacking (if proc. is elevated)
- Inspect socket content with API Monitor and backtrace syscalls to the original DLL/Executable
- View all loaded DLLs with Process Explorer (Ctrl+D)
- If OpenSSL is used: hook the SSL_write and SSL_read functions to read the plaintext traffic.
- dnSpy can export all loaded modules of a (.NET) application as a VS project
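The Procmon checks for missing DLLs and files loaded from shares can be triaged offline from a CSV export of the capture. The script below is an added example, not part of the original checklist; the process name, host name and DLL names in the sample are constructed, and the column names assume Procmon's default CSV layout.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample in Procmon's default CSV column layout; process, host and
# DLL names are made up. Open real exports with encoding="utf-8-sig" (BOM-safe).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","client.exe","4120","CreateFile","C:\Program Files\Client\helper.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","client.exe","4120","CreateFile","C:\Windows\System32\helper.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.3","client.exe","4120","CreateFile","C:\Program Files\Client\version.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.4","client.exe","4120","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read"
"10:01:02.5","client.exe","4120","CreateFile","\\fileserver\apps\client\settings.xml","SUCCESS","Desired Access: Read"
"10:01:02.6","other.exe","977","CreateFile","C:\Temp\x.dll","NAME NOT FOUND","Desired Access: Read"
'''

MISS = {"NAME NOT FOUND", "PATH NOT FOUND"}

def triage(csv_text, process):
    """Return (dll_findings, share_paths) for one process name."""
    probes = defaultdict(list)  # dll name -> directories where the lookup failed
    found = set()               # dll names that were opened somewhere
    shares = set()              # UNC paths the process opened successfully
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Operation"] != "CreateFile":
            continue
        path, result = row["Path"], row["Result"]
        name = ntpath.basename(path).lower()
        if path.startswith("\\\\") and result == "SUCCESS":
            shares.add(path)
        if not name.endswith(".dll"):
            continue
        if result == "SUCCESS":
            found.add(name)
        elif result in MISS:
            probes[name].append(ntpath.dirname(path))
    findings = [
        {"dll": n, "probed": dirs, "never_found": n not in found}
        for n, dirs in sorted(probes.items())
    ]
    return findings, sorted(shares)

if __name__ == "__main__":
    dlls, shares = triage(SAMPLE_CSV, "client.exe")
    for f in dlls:
        print(f)
    print("from shares:", shares)
```

Each probed directory still needs an ACL check: the reportable finding is a directory on the search path of an elevated process that non-admin users can write to.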