Thick Client Security: Unsigned DLL Vulnerability & the Validity of Certificates

  1. Internal organization certificates can be used for signing the DLL and EXE files.
  2. Use the "Sigcheck" tool to verify whether DLL and EXE files are signed. Sigcheck is part of the Microsoft Sysinternals Suite, which can be downloaded from https://download.sysinternals.com/files/SysinternalsSuite.zip

Figure: Sigcheck Tool

4. Sigcheck is a command-line tool, so open a command prompt in the Sysinternals tools folder and specify the folder path in the command below to verify the signatures of the DLL and EXE files present in that folder. An advantage of Sigcheck is that it checks the signatures of all the files in the given path in a single run.

5. We can also verify the signature manually from the Properties dialog of the DLL and EXE files.

Figure: Unsigned DLL

6. Below is an example of a signed DLL file.

Figure: Signed DLL

7. We should also check the validity of the certificate, because certificates may have expired.

Figure: Certificate Validity
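
One way to run the signature and certificate-validity checks from steps 4 to 7 across a whole folder, as an added example that is not part of the original post: it uses PowerShell's built-in Get-AuthenticodeSignature cmdlet instead of Sigcheck. The function name Get-BinarySignatureReport, the $PSHOME default path and the 30-day warning window are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): audit Authenticode signatures
# and signer-certificate validity for every DLL and EXE under a folder.
param(
    # Assumption: point this at the thick client's install folder.
    # $PSHOME is only a stand-in so the script runs on any Windows host.
    [string]$Path = $PSHOME,
    # Assumption: warn when the signer certificate expires within this window.
    [int]$WarnDays = 30
)

function Get-BinarySignatureReport {
    param([string]$Root, [int]$WarnDays)

    $now = Get-Date
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.dll', '.exe' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate   # $null when the file is unsigned

            # Classify: unsigned, broken/untrusted signature, or certificate date problems.
            $finding = if ($sig.Status -eq 'NotSigned') { 'UNSIGNED' }
                elseif ($sig.Status -ne 'Valid') { "INVALID ($($sig.Status))" }
                elseif ($cert.NotAfter -lt $now) { 'SIGNER CERT EXPIRED' }
                elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { 'SIGNER CERT EXPIRES SOON' }
                else { 'OK' }

            [pscustomobject]@{
                Finding     = $finding
                File        = $_.FullName
                Signer      = $cert.Subject    # empty for unsigned files
                NotAfter    = $cert.NotAfter   # signer certificate expiry date
                # A trusted timestamp keeps a signature valid after the signer certificate expires.
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

$report = @(Get-BinarySignatureReport -Root $Path -WarnDays $WarnDays)

# Summary per finding, then the files that need attention.
$report | Group-Object Finding | Sort-Object Name | Format-Table Count, Name -AutoSize
$report | Where-Object { $_.Finding -ne 'OK' } |
    Sort-Object Finding, File |
    Format-Table Finding, NotAfter, Timestamped, File -AutoSize
```

Files reported as UNSIGNED or INVALID are the ones the remediation applies to; an expired signer certificate on a timestamped file still verifies, but is worth tracking for the next release.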

Remediation: It is recommended to sign all DLL and EXE files of the thick client using the organization's certificate.

!! Happy Learning !!

Abhi Gowda
