Fat Client Pentesting: Hands-On Decompilation & Exploitation - Guest Lecture at Hochschule München University of Applied Sciences

28. June 2024

Last Tuesday, usd visited the Hochschule München University of Applied Sciences for the second time as part of the "IT Security" lecture series. Our colleague Merten Nagel, Managing Consultant and Pentester at usd HeroLab, gave students an introduction to the topic of "Fat Client Pentesting" followed by a practical task.

"In order to give the students practical insights into our daily work, I decided to do a hands-on workshop. After all, trying things out and testing them yourself is one of the best ways to learn in pentesting."

Merten Nagel

The workshop started with an insight into the basics. For example, questions such as: What is a fat client? What are the most common vulnerabilities? And how does a pentest work? In general, fat clients are desktop applications that can be a valuable target for attackers. Vulnerabilities in these applications allow unauthorized access to the server-side business logic of a user's entire application landscape, including all the data stored there. With fat client pentests, these vulnerabilities can be proactively identified and subsequently fixed in time.

Once the basics had been clarified, the students, equipped with pizza and drinks, set about the practical task. Using VuCSA, a Java application for pentesting fat clients, they tested the methods of hackers themselves by exploiting an SQL injection and command execution in a provided application. Afterwards, the students had the opportunity to ask questions about daily work at usd AG and share their experiences in a relaxed atmosphere. As part of our efforts to grow the security community, our colleagues are always eager to visit German universities and share our daily work as cyber security professionals.

Also interesting:

Categories

Categories