Unlike web applications, Thick Clients tend to write and modify files and registry entries. These files and registry entries often contain sensitive data such as usernames, passwords, license keys, database credentials, cryptographic keys, etc.
If an adversary gains access to the sensitive data saved in the files and registry entries, the application can be compromised. To evaluate how the application handles sensitive data, we need to understand and monitor the files and registry entries written by the application. This can be done with the Sysinternals tool Process Monitor.
Process Monitor records a Thick Client application's activity on the local machine. It shows real-time file system, registry, and process/thread activity. By default, the tool monitors all running processes; with proper filters set, it shows the file system, registry and process/thread activity of a particular process. The following screenshots show the activities of Google Talk monitored by Process Monitor.
Registry Activity Filter:
File System Activity Filter:
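A capture saved from Process Monitor in CSV format can be reviewed with a script, so the same check is repeatable across builds. The sketch below is an added example, not part of the original article: it lists the files and registry values one process wrote successfully and marks those whose name or logged data looks sensitive. The process name `ExampleClient.exe`, the sample rows and the keyword list are constructed assumptions; the columns follow Process Monitor's default layout.

```python
import csv
import io
import re

# Operations that persist data (Process Monitor's own operation names).
WRITE_OPS = {"WriteFile", "RegSetValue"}
# Assumed keyword list for this example; tune it to the application under test.
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token|licen[sc]e|credential", re.I)

# Constructed sample rows in Process Monitor's default CSV column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","ExampleClient.exe","4242","RegQueryValue","HKCU\Software\ExampleClient\Theme","SUCCESS","Type: REG_SZ, Length: 10, Data: dark"
"10:01:03.0000001","ExampleClient.exe","4242","RegSetValue","HKCU\Software\ExampleClient\Password","SUCCESS","Type: REG_SZ, Length: 16, Data: hunter2"
"10:01:03.0000002","ExampleClient.exe","4242","RegSetValue","HKCU\Software\ExampleClient\WindowPos","SUCCESS","Type: REG_DWORD, Length: 4, Data: 640"
"10:01:04.0000001","ExampleClient.exe","4242","WriteFile","C:\Users\test\AppData\Roaming\ExampleClient\license.key","SUCCESS","Offset: 0, Length: 64"
"10:01:04.0000002","ExampleClient.exe","4242","WriteFile","C:\Users\test\AppData\Roaming\ExampleClient\cache.dat","SUCCESS","Offset: 0, Length: 4096"
"10:01:05.0000001","ExampleClient.exe","4242","WriteFile","C:\Program Files\ExampleClient\secret.cfg","ACCESS DENIED","Offset: 0, Length: 32"
"10:01:06.0000001","notepad.exe","5150","WriteFile","C:\Users\test\passwords.txt","SUCCESS","Offset: 0, Length: 20"
'''

def written_artifacts(csv_text, process_name):
    """Return {path: {"ops": set, "sensitive": bool}} for successful writes by one process."""
    found = {}
    # Exported files start with a byte-order mark; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue  # another process
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue  # reads and failed writes leave nothing on disk
        entry = found.setdefault(row["Path"], {"ops": set(), "sensitive": False})
        entry["ops"].add(row["Operation"])
        if SENSITIVE.search(row["Path"]) or SENSITIVE.search(row["Detail"]):
            entry["sensitive"] = True
    return found

def review_list(csv_text, process_name):
    """Paths to inspect by hand first: name or logged data looks sensitive."""
    hits = written_artifacts(csv_text, process_name)
    return sorted(path for path, entry in hits.items() if entry["sensitive"])

if __name__ == "__main__":
    for path in review_list(SAMPLE_CSV, "ExampleClient.exe"):
        print("inspect:", path)
```

A keyword match only prioritises the review; every written path in the result still needs to be opened and checked for cleartext or weakly protected data.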
Both web and Thick Client applications store data in memory (Random Access Memory) for further processing. Some applications may write sensitive information such as user credentials, cryptographic keys or sensitive user data to memory. An attacker can obtain access to this data with the help of memory-reading tools like WinHex or HxD.
The following screenshots show that user credentials entered in Yahoo Messenger can be read from memory with the help of WinHex and HxD.
About the Author
Muhammed Noushad K. is an EC Council-Certified Security Analyst (ECSA) involved in information security for the past five years. He has rich experience in Application Security and Secure Code Reviews. Currently, he is employed as a Security Researcher at Paladion Networks, an information security organization providing security services for corporate organizations in India, Malaysia, the Middle East, and the USA. Paladion’s mission is to harness global technologies to deliver trusted solutions for creating a secure business environment.