The Agony and the Ecstasy of .NET Application Exploitation

Presented at Summercon 2014, June 5, 2014, noon (50 minutes).

This talk will cover the current state of .NET security/exploitation, using real-world examples of application-level vulnerabilities to framework bugs. Additionally, I will .NET security features and how to bypass, including bypassing strong-name signing including the GAC. Then, I will provide a short demo on how to modify the behavior of the .NET framework through DLL byte patching. Finally I will discuss defensive programming practices which can be used to guard against .NET vulnerabilities.

Presenters:

• Kelly Lum / Aloria   as Aloria
  Aloria has "officially" worked in Information Security since 2003, in everything from startups to government organizations to finance. She is currently an Information Security Officer at a financial company and reads a lot of source code.

Links:

• https://www.summercon.org/archives/2014/presentations.html#dotnet

Similar Presentations:

• DEF CON 23 (2015) / Hijacking Arbitrary .NET Application Control Flow
• DEF CON 18 (2010) / Hacking .NET Applications at Runtime: A Dynamic Attack
• Black Hat USA 2011 / Hacking .Net Applications: The Black Arts