Thick Client Security-Unsigned DLL Vulnerability & The Validity Of Certificates.

  1. Internal organization certificates can be used for signing the DLL and EXE files.
  2. Use “Sigcheck” tool to verify whether DLL and EXE files are signed. Sigcheck tool is a part of Microsoft sysinternalsSuite. Use the below link to download sysinternal tools. https://download.sysinternals.com/files/SysinternalsSuite.zip
Sigcheck Tool

4. Sigcheck is a command line tool so, open the command prompt from sysinternal tools folder and specify the folder path in the below command to verify the signature of DLL & EXE files present in that folder. Advantage of sigcheck tool is it will identify the signature of all the files present in the given path at a time.

5. We can also manually verify the signature from the property of DLL & EXE files.

Unsigned DLL

6. Below is the example of signed DLL file.

Signed DLL

7. We should also check for validity of certificate because sometimes certificates might be expired.

Certificate Validity

Remediation: It is recommended to sign all DLL’s and EXE files of thickclient using the Organization’s Certificate.

!! Happy Learning !!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store