Most scanners stop at HTTP. Privilege Zero goes deeper — dissecting your desktop application at the binary, memory, and protocol level to find what automated tools are blind to.
Web application scanners and API testing tools are built for HTTP. Thick client applications — .NET WinForms, Java Swing, Electron, Qt, and native binaries — communicate through proprietary protocols, named pipes, COM interfaces, and custom binary formats that standard tools completely ignore.
The business logic lives inside the binary. Cryptographic keys get embedded. Authentication tokens are stored in SQLite databases readable by any local process. Privilege Zero brings the same rigour to your desktop software that elite researchers apply to the most complex targets.
A single thick client vulnerability — a hardcoded API key, a deserialisation gadget, an unsigned auto-update endpoint — can hand an attacker full server-side access. We find these before your clients do.
Identify the technology stack, communication channels (HTTP, TCP, named pipes, COM), and third-party library inventory before a single tool runs. We map what the application does before we test how it fails.
Decompile .NET assemblies, deobfuscate Java bytecode, and disassemble native binaries to inspect hardcoded credentials, weak cryptographic implementations, and dangerous deserialisation call chains.
Attach Frida, x64dbg, or WinDbg to the live process to intercept authentication calls, observe token handling, and manipulate in-memory data structures — revealing logic flaws invisible to static analysis.
Proxy all client-server communications — including non-HTTP protocols — to test for parameter tampering, missing TLS validation, IDOR, and authentication bypass on every API endpoint the client contacts.
Enumerate and attack all inter-process communication: named pipes, COM objects, local sockets, shared memory segments, and Windows message queues for injection and privilege escalation opportunities.
Extract credentials, tokens, and PII from SQLite databases, AppData directories, registry hives, temporary files, and live process memory — quantifying exactly what an attacker with local access can harvest.
We decompile .NET, Java, and Electron applications to readable source and inspect assembly-level logic — not just what the application exposes over the network.
Runtime instrumentation lets us intercept function calls mid-execution — catching secrets that exist only in memory and vulnerabilities that manifest only at runtime.
Named pipes, COM, RPC, custom TCP — we test every communication channel the application uses, not just HTTP endpoints that a proxy can intercept.
Each finding identifies the responsible module, assembly, or function — with code-level remediation guidance that developers can act on immediately.
Business-risk narrative of findings mapped to potential impact: data breach, privilege escalation, or supply chain compromise.
Full per-finding documentation — CVSS v3.1 score, CWE identifier, reproduction steps, affected binary/module, and remediation code.
Annotated decompiled source, memory dumps, and Wireshark captures that support every critical finding — reproducible by your team.
Complimentary verification retest of all critical and high findings after you've shipped remediations.
Tell us your tech stack and we'll scope a fixed-price assessment within 24 hours.