- When the thick client application is installed majority of times files and folders are more permissive than required.
- Attacker can use these excessive files and folders permissions to perform malicious activities. Even these excessive permissions leads to DLL hijacking attack.
- At a time we can verify the given permissions for all files in a particular folder using “sysyinternals tool” — “AccessEnum” or We can manually check the assigned permissions for particular file or folder.
4. In AccessEnum tool make the below change to view permissions for all files present in the given folder.
navigate to “options” → “File display options” → “Display files with permissions that differ from parent”
5. Input the folder path into AccessEnum tool and click on scan to view the permissions of files. Only Administrator should have Read & Write permissions. If the permission is set to everyone it should be changed to Administrator.
6. Permissions can be verified manually in the properties of the particular file or folder.
Remediation: Remove the excessive file permissions on files and folders.
!! Happy Learning !!