Hacking .NET(C#) Applications: The Black Arts (ASM attacks)

Presented at AppSec USA 2014, Sept. 19, 2014, 10:30 a.m. (45 minutes)

Attacking in live memory has been the area of highly skilled attackers with focused&costly tools. This presentation will cover new tools and techniques to allow attackers with basic entry level skill to attack .NET applications live in memory allowing for attacks on critical parts of applications such remolding games or banking software. The new tools will give a live view on memory in a 3D-GUI that allows for point and click attacks. The tools are free and the attacks are devastating and easy to carry out.

Presenters:

• Jon McCoy - Application Security Consultant - DigitalBodyGuard.com
  Jon McCoy is trained in Classical Software Engineering and Live System Forensics. He has released a number of tools and techniques for attacking/breaking/bending .NET Framework Application. He provides trainings in offensive and defensive software, consults on strategic policies and management, and provides outside security reviews for both Software and Infrastructure. He founded DigitalBodyGuard.com a general digital security firm that focuses on clients with thick applications. The firm brings a robust array of industry experiences from penetration testing and corporate training to front line software development and IT implementation.

Links:

• https://owaspappsecusa2014.sched.com/event/Nvwn7A/hacking-netc-applications-the-black-arts-asm-attacks
• https://www.youtube.com/watch?v=D9yBUgfiSe8

Similar Presentations:

• DEF CON 19 (2011) / Hacking .Net Applications: The Black Arts
• ToorCon San Diego 13 (2011) / Hacking .NET(C#) Applications: The Black Arts
• DEF CON 23 (2015) / Hijacking Arbitrary .NET Application Control Flow