Thick Client Security: Unsigned DLL Vulnerability & the Validity of Certificates

  1. All DLL and EXE files used by the thick client application under test should be digitally signed with valid certificates.
  2. Internal organization certificates can be used to sign the DLL and EXE files.
  3. Use the Sigcheck tool to verify whether the DLL and EXE files are signed. Sigcheck is part of the Microsoft Sysinternals Suite, which can be downloaded from https://download.sysinternals.com/files/SysinternalsSuite.zip
[Screenshots: Sigcheck tool; unsigned DLL; signed DLL; certificate validity]
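
The check in step 3 can also be scripted with PowerShell's built-in `Get-AuthenticodeSignature` cmdlet, which reports both the signature status and the signer certificate's validity dates. This is an added example, not part of the original post; the install path and the 30-day expiry warning threshold are assumptions.

```powershell
# Added example: audit Authenticode signatures of every DLL and EXE under a
# thick client's install directory. The default path is a placeholder.
param(
    [string]$AppDir = 'C:\Program Files\ExampleThickClient',  # hypothetical path
    [int]$ExpiryWarnDays = 30                                  # assumed threshold
)

$now = Get-Date
$report = Get-ChildItem -Path $AppDir -Recurse -File -Include *.dll, *.exe |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        # Signature state: Valid, NotSigned, or a failure such as
        # HashMismatch (file modified after signing) or NotTrusted.
        $finding = switch ([string]$sig.Status) {
            'Valid'     { 'OK' }
            'NotSigned' { 'UNSIGNED' }
            default     { "INVALID: $($sig.Status)" }
        }

        # Validity window of the signer certificate, if there is one.
        $certState = 'n/a'
        if ($cert -and $cert.NotAfter -lt $now) { $certState = 'EXPIRED' }
        elseif ($cert -and $cert.NotAfter -lt $now.AddDays($ExpiryWarnDays)) { $certState = 'EXPIRING' }
        elseif ($cert) { $certState = 'current' }

        [pscustomobject]@{
            File        = $_.FullName
            Finding     = $finding
            CertState   = $certState
            Signer      = if ($cert) { $cert.Subject } else { '' }
            Issuer      = if ($cert) { $cert.Issuer } else { '' }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            # A timestamp countersignature keeps a signature verifiable
            # after the signing certificate itself has expired.
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }

# Show only files that need attention, then summarise.
$flagged = @($report | Where-Object { $_.Finding -ne 'OK' -or $_.CertState -ne 'current' })
$flagged | Sort-Object Finding, File | Format-Table -AutoSize -Wrap
'{0} files scanned, {1} flagged' -f @($report).Count, $flagged.Count
if ($flagged.Count) { exit 1 }
```

Files signed with an internal organization certificate report as valid only when the issuing CA is trusted on the machine running the check; otherwise they appear as `NotTrusted`.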
