3. Reverse Engineering Thick-clients
• Thick-client Overview
– “Old School”
• Local Software & Occasional Local Storage
– Local Software Connecting to Server Software
• Traditionally Installed Local Software via TCP/IP Sockets
• Web Delivered Local Software via TCP/IP Sockets
• Web Delivered Local Software via HTTP/S
– Alternative to Web/Thin Clients
• Occasionally More Efficient
• Allows for Interaction with Local Office Automation Software
• Allows for Syncing/Batch Uploads for Offline Use
4. Reverse Engineering Thick-clients
• Thick-client Attack Surface
– Local Software & Local Storage = Local Exposures
• Rootkits
• Cache & Registry Corruption
• Information Disclosure
– One-off Exposures
• Access to Office Automation Software Exposures
– Ignorance is Bliss
• Assumed Lack of Attack Surface
– Can Still Proxy Requests
– Sniffers Can Be Goldmines
• Overreliance on Data in Transit Crypto Protections
• Overreliance on Segregation of Duties & Access Controls