performing-thick-client-application-penetration-test

Featured

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials, DLL hijacking, memory manipulation, and insecure API communication in desktop applications using dnSpy, Procmon, and Burp Suite.

AI & Automation 16,326 stars 1981 forks Updated 2 weeks ago Apache-2.0

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
90
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Performing Thick Client Application Penetration Test ## Overview Thick client (fat client) penetration testing assesses the security of desktop applications that run locally on user machines and communicate with backend servers. Unlike web applications, thick clients present a broader attack surface including local file storage, binary analysis, memory manipulation, DLL injection, process interception, and client-server communication. Common targets include banking applications, ERP clients (SAP GUI), trading platforms, healthcare systems, and legacy enterprise software. ## When to Use - When conducting security assessments that involve performing thick client application penetration test - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Application installer and valid credentials - Windows/Linux test machine (isolated) - Tools: dnSpy, Procmon, Process Hacker, Wireshark, Burp Suite, Echo Mirage, Fiddler, IDA Pro/Ghidra - Administrative access to test machine > **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws. ## Phase 1 — Information Gathering ### Static Analysis ```powershell # Identify application technology # Check fi...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
2 weeks ago
Language
Python
License
Apache-2.0

Bundled in these plugins

cybersecurity-skills

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

conducting-internal-network-penetration-test

Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify lateral movement paths, privilege escalation vectors, and sensitive data exposure within the corporate network.

16,326 Updated 2 weeks ago
mukul975
AI & Automation Featured

performing-web-application-penetration-test

Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.

16,326 Updated 2 weeks ago
mukul975
AI & Automation Featured

conducting-social-engineering-penetration-test

Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.

16,326 Updated 2 weeks ago
mukul975