mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 06:04:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
59 lines
2.3 KiB
Markdown
59 lines
2.3 KiB
Markdown
# API Reference: Thick Client Penetration Testing
|
|
|
|
## Analysis Tools
|
|
|
|
| Tool | Purpose | Target |
|
|
|------|---------|--------|
|
|
| dnSpy | .NET decompilation and debugging | .NET Framework/Core apps |
|
|
| ILSpy | .NET decompilation (read-only) | .NET assemblies |
|
|
| JD-GUI / JADX | Java decompilation | JAR/APK files |
|
|
| Ghidra / IDA Pro | Native binary reverse engineering | C/C++ executables |
|
|
| Procmon | File/registry/network activity monitoring | Any Windows app |
|
|
| Process Hacker | Process inspection, memory, DLLs | Running processes |
|
|
| Burp Suite | HTTP/HTTPS traffic interception | Client-server communication |
|
|
| Echo Mirage | TCP/UDP traffic interception | Non-HTTP protocols |
|
|
| Frida | Dynamic instrumentation | Any platform |
|
|
|
|
## Static Analysis Targets
|
|
|
|
| Target | Search Pattern | Risk |
|
|
|--------|---------------|------|
|
|
| Hardcoded credentials | `password`, `secret`, `apikey` in strings | Critical |
|
|
| Connection strings | `jdbc:`, `Server=`, `mongodb://` | Critical |
|
|
| SQL queries | `SELECT`, `INSERT`, `UPDATE` | Medium |
|
|
| URLs and endpoints | `http://`, `https://` | Info |
|
|
| Disabled SSL validation | `ServerCertificateValidationCallback` | High |
|
|
|
|
## DLL Hijacking Detection
|
|
|
|
| Step | Tool | Action |
|
|
|------|------|--------|
|
|
| 1 | Procmon | Filter: `Result = NAME NOT FOUND`, `Path ends with .dll` |
|
|
| 2 | Check | Verify if DLL search path includes writable directories |
|
|
| 3 | Validate | Test with benign DLL in writable directory |
|
|
|
|
## Local Storage Locations
|
|
|
|
| Location | Type | Risk |
|
|
|----------|------|------|
|
|
| `%APPDATA%\<app>` | Config, SQLite | Credential storage |
|
|
| `%LOCALAPPDATA%\<app>` | Cache, logs | Data leakage |
|
|
| `HKCU\Software\<app>` | Registry settings | Stored credentials |
|
|
| App install directory | Config files | Hardcoded secrets |
|
|
|
|
## Python Libraries
|
|
|
|
| Library | Version | Purpose |
|
|
|---------|---------|---------|
|
|
| `sqlite3` | stdlib | Audit local SQLite databases |
|
|
| `re` | stdlib | Pattern matching for credentials/URLs |
|
|
| `subprocess` | stdlib | Execute system analysis tools |
|
|
| `pathlib` | stdlib | File system traversal |
|
|
|
|
## References
|
|
|
|
- OWASP Thick Client Top 10: https://owasp.org/www-project-thick-client-top-10/
|
|
- dnSpy: https://github.com/dnSpy/dnSpy
|
|
- Procmon: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
|
|
- Frida: https://frida.re/docs/home/
|