Tools - Windows

Tools used in Windows thick client pentesting #

Information Gathering #

  1. CFF Explorer (https://ntcore.com/?page_id=388), for inspecting and editing PE headers, imports and resources, and for spotting a .NET image before picking a decompiler
  2. Sysinternals Suite (https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite)
    • Strings, to pull embedded URLs, file paths, connection strings and credentials out of the binaries
    • Process Monitor, to watch the client's file, registry and network activity at runtime
    • Process Explorer, to see loaded DLLs, handles, integrity level and the user the process runs as
    • Sigcheck, to verify Authenticode signatures and file versions (optionally against VirusTotal)
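Most of what CFF Explorer shows in the information-gathering step comes straight from the PE headers: the target architecture, whether the image is a .NET assembly (which decides between dnSpy/ILSpy and Ghidra/WinDbg later), and the DllCharacteristics bits that say whether ASLR, DEP and Control Flow Guard were compiled in. The following is an added example, not code from this page or from any of the tools listed, that reads those fields with only the standard library. The sample image it builds for offline use is a constructed, header-only PE32+ with no sections; the field offsets and flag values are the documented ones from winnt.h.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h) that matter for a binary-hardening review
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE (ASLR)",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT (DEP)",
    0x0400: "NO_SEH",
    0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF",
}
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-zero RVA means a .NET image


def inspect_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and
    summarise the fields a thick-client assessment looks at first."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:      # PE32+ (64-bit)
        pe32plus, dirs_off, nrva_off = True, opt + 112, opt + 108
    elif magic == 0x10B:    # PE32 (32-bit)
        pe32plus, dirs_off, nrva_off = False, opt + 96, opt + 92
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # Subsystem and DllCharacteristics sit at the same offsets in PE32 and PE32+
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    (nrva,) = struct.unpack_from("<I", data, nrva_off)
    clr_rva = 0
    if nrva > CLR_DIRECTORY_INDEX:
        clr_rva, _clr_size = struct.unpack_from("<II", data, dirs_off + CLR_DIRECTORY_INDEX * 8)
    return {
        "machine": MACHINES.get(machine, f"0x{machine:04x}"),
        "pe32plus": pe32plus,
        "subsystem": {2: "GUI", 3: "console"}.get(subsystem, str(subsystem)),
        "dll_characteristics": dll_chars,
        "mitigations": [name for bit, name in sorted(DLL_FLAGS.items()) if dll_chars & bit],
        "aslr": bool(dll_chars & 0x0040),
        "dep": bool(dll_chars & 0x0100),
        "cfg": bool(dll_chars & 0x4000),
        "managed": clr_rva != 0,  # True -> start with dnSpy/ILSpy, False -> Ghidra/WinDbg
    }


def build_sample_pe(dll_chars: int, managed: bool) -> bytes:
    """Constructed, header-only PE32+ image (no sections) used as offline sample input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(112 + 16 * 8)                   # PE32+ header with all 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)           # Magic = PE32+
    struct.pack_into("<Q", opt, 24, 0x140000000)    # ImageBase
    struct.pack_into("<HH", opt, 68, 2, dll_chars)  # Subsystem = WINDOWS_GUI, DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)            # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 112 + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)  # CLR header RVA/size
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x0022)  # x64, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(info: dict) -> str:
    """One-line finding in the form a test report would carry."""
    missing = [n for b, n in ((0x40, "ASLR"), (0x100, "DEP"), (0x4000, "CFG"))
               if not info["dll_characteristics"] & b]
    kind = ".NET (managed)" if info["managed"] else "native"
    return (f"{info['machine']} {kind} {info['subsystem']} image; "
            f"mitigations: {', '.join(info['mitigations']) or 'none'}; "
            f"missing: {', '.join(missing) or 'none'}")


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real target, e.g. python pe_inspect.py C:\Program Files\Vendor\client.exe
        with open(sys.argv[1], "rb") as f:
            print(report(inspect_pe(f.read())))
    else:                   # no argument: run against the constructed samples
        print(report(inspect_pe(build_sample_pe(0x0020 | 0x0040 | 0x0100 | 0x4000, managed=False))))
        print(report(inspect_pe(build_sample_pe(0, managed=True))))
```

Run it over every EXE and DLL in the install directory, not just the main executable: the native helper libraries shipped with a .NET client are the ones most often built without ASLR or CFG. For managed code the CLR controls most of the runtime mitigations itself, so the flag check matters mainly for those native components.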

Decompile and Debug #

  1. dnSpy (https://github.com/dnSpy/dnSpy/releases), .NET decompiler and debugger; the original repository is archived, the maintained fork is dnSpyEx
  2. ILSpy (https://github.com/icsharpcode/ILSpy/releases), .NET decompiler
  3. dotPeek (https://www.jetbrains.com/decompiler/download/#section=web-installer), .NET decompiler
  4. Frida (https://github.com/frida/frida/releases), dynamic instrumentation for hooking native and .NET functions at runtime
  5. Ghidra (https://github.com/NationalSecurityAgency/ghidra/releases), disassembler and decompiler for native (unmanaged) code
  6. WinDbg (https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools), user-mode and kernel-mode debugger

Network sniffing and Proxy #

  1. Wireshark (https://www.wireshark.org/download.html), passive capture; start here to learn which ports and protocols the client actually uses
  2. TCPView (https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview), maps each connection to the owning process
  3. Echo Mirage (https://sourceforge.net/projects/echomirage.oldbutgold.p/), hooks the socket calls of a process to view and edit raw TCP traffic
  4. NoPE Proxy (Non-HTTP Proxy Extension) for Burp Suite, for intercepting non-HTTP protocols inside Burp
  5. Fiddler (https://www.telerik.com/fiddler/fiddler-classic), HTTP(S) proxy, useful when the client honours the system (WinINet/WinHTTP) proxy settings
  6. mitm_relay (https://github.com/jrmdev/mitm_relay), relays the client's TCP/UDP traffic through Burp so that non-HTTP protocols can be intercepted and modified
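Echo Mirage and mitm_relay both sit between the thick client and its server as a plain TCP relay, so a non-HTTP protocol can be read and later tampered with. The following is an added example, not code from this page or from either tool, of that relay in Python: it listens on loopback, forwards every connection to the real server and records both directions. The "licence server" it talks to is a constructed stand-in so the example runs offline; against a real target you would point the client at the relay through its config file or a hosts-file entry, exactly as you would with mitm_relay.

```python
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket, direction: str, log: list) -> None:
    """Copy bytes from src to dst until EOF, recording every chunk in log."""
    while True:
        try:
            chunk = src.recv(4096)
        except OSError:
            break
        if not chunk:
            break
        log.append((direction, chunk))   # capture before forwarding: tamper here if needed
        dst.sendall(chunk)
    try:
        dst.shutdown(socket.SHUT_WR)     # propagate the half-close to the other side
    except OSError:
        pass


class TcpRelay:
    """Listen on 127.0.0.1:listen_port and forward each client to target, logging both directions."""

    def __init__(self, listen_port: int, target_host: str, target_port: int):
        self.log = []                     # list of (direction, bytes) in arrival order
        self.target = (target_host, target_port)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind(("127.0.0.1", listen_port))
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]   # actual port, useful when listen_port was 0
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:               # listener closed by close()
                return
            try:
                upstream = socket.create_connection(self.target)
            except OSError:               # real server unreachable: drop this client, keep serving
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, upstream, "C->S", self.log), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client, "S->C", self.log), daemon=True).start()

    def close(self) -> None:
        self.listener.close()


def format_log(log: list) -> list:
    """Render the captured traffic as hex lines, one per chunk."""
    return [f"{direction} {len(chunk):4d} bytes: {chunk.hex(' ')}" for direction, chunk in log]


def demo() -> tuple:
    """Constructed scenario: a fake licence server on loopback, the relay in front of it,
    and one client request pushed through. Returns (server reply, captured log)."""
    backend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    backend.bind(("127.0.0.1", 0))
    backend.listen(1)

    def serve_once() -> None:
        conn, _ = backend.accept()
        with conn:
            request = conn.recv(4096)
            conn.sendall(b"LICENSE-OK " + request.upper())   # made-up protocol
        backend.close()

    threading.Thread(target=serve_once, daemon=True).start()
    relay = TcpRelay(0, "127.0.0.1", backend.getsockname()[1])
    with socket.create_connection(("127.0.0.1", relay.port)) as client:
        client.sendall(b"checklicense user=alice")            # constructed sample request
        reply = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply += chunk
    relay.close()
    return reply, list(relay.log)


if __name__ == "__main__":
    reply, log = demo()
    print("\n".join(format_log(log)))
    print("client saw:", reply)
```

The capture point in `_pump` is where Echo Mirage pauses to let you edit the buffer; replacing `chunk` there before `sendall` is the whole tampering step. If the client pins a certificate or the protocol is TLS, this relay only shows you the handshake; that case is what NoPE Proxy's and mitm_relay's TLS handling is for.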

System Testing #

  1. Symbolic Link Testing Tools (https://github.com/googleprojectzero/symboliclink-testing-tools), Project Zero's utilities for creating NTFS symlinks, mount points and object-manager links to test a privileged service or installer for file-system race and link-following bugs