Thick Client Security - Sensitive Info In Memory

In majority of cases information stored in memory won’t be encrypted. This unencrypted information might reveal sensitive data of particular thick client application. By using “Process Hacker” tool we can check for sensitive data stored in memory.

Steps to test:

Step 1: Download & install the “Process Hacker” tool from below link https://processhacker.sourceforge.io/downloads.php

Step 2: Login to thick client application and browse through all the functionalities. Open “process hacker” tool and look for .EXE files of thick client application which you are testing.

Step 3: Navigate to properties of .exe file(thick client which you are testing),select memory as shown in above screenshot. Now under memory select strings. Inside strings look for any sensitive information like Passwords, Pins, Internal API endpoints, tokens etc.

Remediation: Sensitive Information should be encrypted, If encryption not possible use Obfuscation techniques, take a call based on severity of application.

!! Happy Learning !!