Thick Client Security - Sensitive Information In Hexdump

Hexdump is a utility that displays the contents of binary files in hexadecimal, decimal, octal, or ASCII. It’s a utility for inspection and can be used for data recovery, reverse engineering and programming.

In some cases Hexdump stores sensitive information like Usernames, Keys, Passwords, Tokens etc.

Steps to test:

Step 1: Open thickclient application. Login & browse through all the functionalities of the application.

Step 2: Navigate to task manager. select your thickclient application process, right click and create hexdump as shown below. When the dump is created windows shows the location of dump.

Step 3: Now navigate to location of dump file and open the dump file. Dump file can be viewed using multiple tools like 010 editor, Hex editor, winhex, notepad++.

Step 4: Look for sensitive information stored in dump files, In majority of cases login credentials stored on RAM will not encrypted. Search for login credentials & for keywords like password, username, token, API etc. The below screenshot shows password stored in dumpfile.

Remediation: Encrypt the sensitive data stored in in-process memory.

!! Happy Learning !!