Thick Client Security - Sensitive Information In Hexdump
Hexdump is a utility that displays the contents of binary files in hexadecimal, decimal, octal, or ASCII. It’s a utility for inspection and can be used for data recovery, reverse engineering and programming.
In some cases, the hexdump of an application's process memory contains sensitive information such as usernames, keys, passwords, and tokens.
Steps to test:
Step 1: Open the thick client application. Log in and browse through all of the application's functionality.
Step 2: Open Task Manager. Select your thick client application's process, right-click it, and create a hexdump as shown below. When the dump is created, Windows shows the location of the dump.
Step 3: Navigate to the location of the dump file and open it. The dump file can be viewed with multiple tools, such as 010 Editor, a hex editor, WinHex, or Notepad++.
Step 4: Look for sensitive information stored in the dump file. In the majority of cases, login credentials stored in RAM will not be encrypted. Search for login credentials and for keywords like password, username, token, API, etc. The screenshot below shows a password stored in the dump file.
Remediation: Encrypt the sensitive data stored in in-process memory.
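The keyword search from Step 4 can be scripted so the same check is repeatable after remediation. The following is an added example, not part of the original post: it extracts printable ASCII and UTF-16LE strings from a dump and reports those containing the Step 4 keywords. The function names and the sample bytes are constructed for illustration.

```python
import mmap
import re

# Keywords from Step 4; extend the tuple for the application under test.
KEYWORDS = ("password", "username", "token", "api")

# Runs of 4 or more printable bytes are treated as strings.
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
# Windows applications often keep strings as UTF-16LE (printable byte + NUL).
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(data):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    for m in ASCII_RE.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RE.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_sensitive(data, keywords=KEYWORDS):
    """Return keyword hits in a dump buffer, sorted by file offset."""
    hits = []
    for offset, encoding, text in extract_strings(data):
        matched = [k for k in keywords if k in text.lower()]
        if matched:
            hits.append({"offset": offset, "encoding": encoding,
                         "keywords": matched, "text": text})
    return sorted(hits, key=lambda h: h["offset"])


def scan_file(path, keywords=KEYWORDS):
    """Scan a dump file without loading it all into memory at once."""
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return find_sensitive(mm, keywords)


# Constructed sample standing in for a dump file; all values are made up.
SAMPLE_DUMP = (
    b"\x00\x01\xff" * 5 + b"username=alice&password=Example-Passw0rd!"
    + b"\x00\x90\x90"
    + "AuthToken: CONSTRUCTED-TOKEN-123".encode("utf-16le")
    + b"\x00\x00\xfe\xfe"
    + b"just some harmless text\x03\x04"
)

if __name__ == "__main__":
    for hit in find_sensitive(SAMPLE_DUMP):
        print(f"0x{hit['offset']:08x} {hit['encoding']:8} {hit['text']}")
```

Searching UTF-16LE as well as ASCII matters here because a plain ASCII keyword search in a text editor misses strings the application holds as wide characters.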
!! Happy Learning !!