Thick Client Security - Unsigned DLL Vulnerability & The Validity Of Certificates.

1. All the DLL and EXE files consumed by the thickclient application which we are testing should be digitally signed by using valid certificates.
2. Internal organization certificates can be used for signing the DLL and EXE files.
3. Use “Sigcheck” tool to verify whether DLL and EXE files are signed. Sigcheck tool is a part of Microsoft sysinternalsSuite. Use the below link to download sysinternal tools. https://download.sysinternals.com/files/SysinternalsSuite.zip

Sigcheck Tool

4. Sigcheck is a command line tool so, open the command prompt from sysinternal tools folder and specify the folder path in the below command to verify the signature of DLL & EXE files present in that folder. Advantage of sigcheck tool is it will identify the signature of all the files present in the given path at a time.

5. We can also manually verify the signature from the property of DLL & EXE files.

Unsigned DLL

6. Below is the example of signed DLL file.

Signed DLL

7. We should also check for validity of certificate because sometimes certificates might be expired.

Certificate Validity

Remediation: It is recommended to sign all DLL’s and EXE files of thickclient using the Organization’s Certificate.

!! Happy Learning !!