Vulnerable Windows Application for Pentesters from the house of DarkRelay Security Labs. The project is along the lines of DVWA, AWSGoat and other similar projects, to help the cybersecurity community practise their skills in thick client penetration testing.
Warning! You are about to install DarkRelay's Vulnerable Windows Application! Purpose of the application is to educate students on Windows thick client penetration testing. If you use this application for malicious means or if your server is compromised via an installation of this application, DarkRelay does not hold any responsibility! DarkRelay or it's contributors will not be responsible for misuse of this application.
If you have more questions, please write to us via get-started or email us at: info@darkrelay.com
https://www.darkrelay.com/post/thick-client-penetration-testing
- DLL Hijacking
- EXE Hijacking
- Symlink Attacks
- IFEO Injection
- Unquoted Service Path
- Man In the Middle Attack
- Weak Named Pipe
- Weak Memory Protection
- Stack Buffer Overflow
- Absence of Digital Signatures
- COM Hijacking
- Process Injection
Install the msi as an Administrator
Windows 10 x64, Windows 2016 and 2019 x64
- Microsoft Sysinternal Tools
- Immunity Debugger
- Symboliclink-testing-tools from Google
- Echo Mirage
- Regshot
- Windows Attack Surface Analyzer
- mingw compiler c++
- Add more vulnerabilities.
- Add test cases.
- Add and verify multi platform support.
This project is available under the Apache 2.0 license.
Please open a pull request with your changes and drop a mail to info@darkrelay.com requesting approval.