Thick Client Security - Unsigned DLL Vulnerability & The Validity Of Certificates.
1. All the DLL and EXE files consumed by the thick client application under test should be digitally signed with valid certificates.
2. Internal organization certificates can be used for signing the DLL and EXE files.
3. Use the "Sigcheck" tool to verify whether the DLL and EXE files are signed. Sigcheck is part of the Microsoft Sysinternals Suite, which can be downloaded from the link below. https://download.sysinternals.com/files/SysinternalsSuite.zip
4. Sigcheck is a command-line tool, so open a command prompt in the Sysinternals tools folder and pass the folder path to the command shown below to verify the signatures of the DLL and EXE files in that folder. The advantage of Sigcheck is that it reports the signature status of every file under the given path in a single run.
5. We can also verify the signature manually from the Properties dialog of each DLL or EXE file (Digital Signatures tab).
6. Below is an example of a signed DLL file.
7. We should also check the validity period of the certificate, because a certificate may have expired even though the file carries a signature.
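As an added example (not part of the original post), the same check can be scripted with PowerShell's built-in Get-AuthenticodeSignature cmdlet instead of Sigcheck: it walks a folder, flags unsigned or invalid files, and prints each signer certificate's validity window so that expired certificates stand out. The install path is a hypothetical placeholder.

```powershell
# Added example: report Authenticode signature status and certificate validity
# for every DLL/EXE under a thick client's install folder.
# $Path is a hypothetical placeholder; point it at the application under test.
param(
    [string]$Path = "C:\Program Files\ExampleThickClient"   # hypothetical path
)

$now = Get-Date

Get-ChildItem -Path $Path -Recurse -File -Include *.dll, *.exe | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate

    # Status is one of: Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
    $finding = switch ($sig.Status) {
        'Valid'     { 'OK' }
        'NotSigned' { 'UNSIGNED' }
        default     { "INVALID ($($sig.Status))" }
    }

    # A timestamped signature still reports 'Valid' after the signing certificate's
    # NotAfter date, so the validity window is reported separately for review.
    $expired = $false
    if ($cert -and $cert.NotAfter -lt $now) { $expired = $true }

    [pscustomobject]@{
        File        = $_.FullName
        Status      = $finding
        Signer      = if ($cert) { $cert.Subject } else { '' }
        NotBefore   = if ($cert) { $cert.NotBefore } else { '' }
        NotAfter    = if ($cert) { $cert.NotAfter } else { '' }
        CertExpired = $expired
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
} | Sort-Object Status, File | Format-Table -AutoSize
```

Any row marked UNSIGNED or INVALID, or with CertExpired set to True, is a finding to record against the application; the Signer column also shows whether the file was signed with the organization's own certificate.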
Remediation: It is recommended to sign all DLLs and EXE files of the thick client using the organization's certificate, and to track the certificate's expiry so that files are re-signed before it lapses.
!! Happy Learning !!