Desktop App & CAD Plugin Review
Installed software brings its attack surface with it.
Binary, runtime, and IPC analysis of Windows desktop applications and host-application plugins (AutoCAD, 3ds Max, Revit). Local privilege boundaries, secure storage, update channels, license logic — every place where a clever local user could turn the software against itself or its publisher.
Scope
What we test.
- Static and dynamic analysis of installed binaries / .NET assemblies
- Local privilege escalation, DLL hijacking, IPC abuse
- Secure storage of credentials, tokens, license keys
- Update channel hijacking and code-signing weaknesses
- Anti-tampering / anti-debug / DRM resistance assessment
- Embedded secrets, hardcoded keys, debug interfaces
- Host-application plugin surface — registered commands, ribbon, IPC to host
- Telemetry/logging — PII leakage, unintended exfiltration
Methodology
How we work.
Binary first
We work from the installed binary the way an attacker does. Source access optional, not required.
Update channel scrutiny
Update mechanisms get extra attention — they're the highest-blast-radius vector in any installed app.
Hardening-oriented
Findings come with build-pipeline hardening guidance — signing, mitigations, side-channel reduction.
Deliverables
What you get.
- Binary security report with reproduction artifacts where useful
- Build-pipeline hardening checklist (signing, mitigations, debug surface)
- Optional re-test pass after remediation, scoped separately
Timeline
Typical engagement.
Phase 01 · Week 0
Scoping & build access
Installer, build access if available, threat actor tier.
Phase 02 · 2–3 weeks
RE & dynamic analysis
Reverse engineering, runtime instrumentation, IPC review.
Phase 03 · 3–5 days
Reporting
Findings + hardening guidance.
Public references
We work against these.
Open standards we use as the floor for the engagement — not certifications we hold or issue. Findings are tied back to the relevant control IDs so your engineers can defend the remediation in technical reviews.
Our reports are technical hardening guides — not formal audit evidence. Compliance certificates are issued by your accredited auditor, not by us.
Ready to scope it?
The request form takes about three minutes. We respond within one business day.