This educational article serves as a two-part guide to thick client penetration testing, which is the examination of locally installed applications that interact with remote servers.
Thick clients are attractive to attackers because their privileged access to local resources and their complex network communication pathways render them vulnerable.
The author identifies four key components of thick client applications: a graphical user interface, local storage, network communication, and dependence on local system resources.
The author lists a number of thick client vulnerabilities, including misconfigurations and poor DLL loading practices, which may be exploited to achieve remote code execution.
The article concludes with a non-exhaustive list of techniques, methodologies and execution practices, including DLL hijacking and injection, API hooking and manipulation, and binary patching and reverse engineering.