.NET Manifesto - Win Friends and Influence the Loader

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 5:30 p.m. (30 minutes)

Everything you never wanted to know about .NET manifests and influencing binary loading . A growing number of security tools, both offensive and defensive rely on the .NET Framework. This talk will focus on a narrow but important aspect. We will cover Application and Machine configuration files, as well as Registration-Free and Side-By-Side Assembly loading. What do all these have in common?Manifests. XML manifest can influence how the Operating System locates and executes binaries. We will explore additional concepts around influencing assembly loads. This talk will provide excellent insight into how these mechanisms work. How they can be subverted, and how they can be instrumented to aid defenders.

Presenters:

• Casey Smith
  Casey has a passion for understanding and testing the limits of and assertions of defensive systems.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/NET Manifesto Win Friends and Influence the Loader Casey Smith.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/NET Manifesto Win Friends and Influence the Loader Casey Smith.eng.srt (subtitles)
• https://www.youtube.com/watch?v=BIJ2L_rM9Gc

Similar Presentations:

• Black Hat USA 2011 / Hacking .Net Applications: The Black Arts
• Summercon 2014 / The Agony and the Ecstasy of .NET Application Exploitation
• ToorCamp 2016 / Reverse Engineering and Attacking .NET Applications