{"id":50319,"date":"2024-06-28T11:37:08","date_gmt":"2024-06-28T09:37:08","guid":{"rendered":"https:\/\/www.usd.de\/?p=50319"},"modified":"2024-06-28T15:25:08","modified_gmt":"2024-06-28T13:25:08","slug":"fat-client-pentesting-guest-lecture-hochschule-muenchen","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/fat-client-pentesting-guest-lecture-hochschule-muenchen\/","title":{"rendered":"Fat Client Pentesting: Hands-On Decompilation &amp; Exploitation - Guest Lecture at Hochschule M\u00fcnchen University of Applied Sciences"},"content":{"rendered":"\n<p>Last Tuesday, usd visited the <a href=\"https:\/\/hm.edu\/en\/index.en.html\" data-type=\"link\" data-id=\"https:\/\/hm.edu\/en\/index.en.html\" target=\"_blank\" rel=\"noopener\">Hochschule M\u00fcnchen University of Applied Sciences<\/a> for the second time as part of the \"IT Security\" lecture series. Our colleague Merten Nagel, Managing Consultant and Pentester at <a href=\"https:\/\/herolab.usd.de\/en\/\" data-type=\"link\" data-id=\"https:\/\/herolab.usd.de\/en\/\" target=\"_blank\" rel=\"noopener\">usd HeroLab<\/a>, gave students an introduction to the topic of \"Fat Client Pentesting\" followed by a practical task.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\"In order to give the students practical insights into our daily work, I decided to do a hands-on workshop. After all, trying things out and testing them yourself is one of the best ways to learn in pentesting.\"<\/p>\n<cite>Merten Nagel<\/cite><\/blockquote>\n\n\n\n<p>The workshop started with the basics, covering questions such as: What is a fat client? What are the most common vulnerabilities? And how does a pentest work? In general, fat clients are desktop applications that can be a valuable target for attackers. 
Vulnerabilities in these applications allow unauthorized access to the server-side business logic of a user's entire application landscape, including all the data stored there. With <a href=\"https:\/\/www.usd.de\/pentest\/pentest-fat-clients\/\" data-type=\"link\" data-id=\"https:\/\/www.usd.de\/pentest\/pentest-fat-clients\/\">fat client pentests<\/a>, these vulnerabilities can be proactively identified and subsequently fixed in time.<\/p>\n\n\n\n<p>Once the basics had been clarified, the students, equipped with pizza and drinks, set about the practical task. Using <em>VuCSA<\/em>, a Java application for pentesting fat clients, they tried out attackers' methods for themselves by exploiting an SQL injection and command execution in a provided application. Afterwards, the students had the opportunity to ask questions about daily work at usd AG and share their experiences in a relaxed atmosphere. As part of our efforts to grow the security community, our colleagues are always eager to visit German universities and share our daily work as cyber security professionals.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last Tuesday, usd visited the Hochschule M\u00fcnchen University of Applied Sciences for the second time as part of the \"IT Security\" lecture series. Our colleague Merten Nagel, Managing Consultant and Pentester at usd HeroLab, gave students an introduction to the topic of \"Fat Client Pentesting\" followed by a practical task. 
\"In order to give the [&hellip;]<\/p>\n","protected":false},"author":117,"featured_media":50304,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,426],"tags":[4864,9720,542,2307,4866,378,9169],"class_list":["post-50319","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-events-community-en","tag-engagement-in-der-lehre-en","tag-hochschule-muenchen-en","tag-informationssicherheit-en","tag-karriere-it-security-2","tag-lehre-en","tag-pentest-en","tag-pentesting-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/50319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=50319"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/50319\/revisions"}],"predecessor-version":[{"id":50345,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/50319\/revisions\/50345"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/50304"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=50319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=50319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=50319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}