A beginner-oriented introduction to thick client penetration testing using the DVTA (Damn Vulnerable Thick Client Application) practice tool. Covers the difference between thin and thick clients, their architecture (2-tier vs 3-tier), and walks through static analysis techniques including config file inspection for hardcoded credentials, decompiling .NET binaries with dnspy to find authentication bypass via Windows Registry manipulation, using CFF Explorer and Sysinternals tools for binary analysis, and a brief demonstration of DLL hijacking using Metasploit's msfvenom to create a malicious DLL for reverse shell access.
Sort: