See Sharper

Presented at Wild West Hackin' Fest 2018, Oct. 24, 2018, 5 p.m. (50 minutes)

There has been an increase in .NET and specifically C# payloads to carry out adversary objectives. There are many reasons for this. This talk will describe the architecture of the .NET CLR, how attackers are gaining execution via built in tools, and what defenders can do to increase their visibility and detection capabilities. We will provide examples from the fieldand actual intrusion attempts that leverage these techniques.

Presenters:

• Joe Moles - Red Canary
  Joe leads a team of security analysts to help organizations defend their endpoints against threats. An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. Prior to joining Red Canary, Joe built and led security operations, incident response, and e-discovery programs for Fortune 500 companies like OfficeMax and Motorola. He is regarded as an industry thought leader and regularly contributes to the Red Canary blog.
• Zac Brown - Red Canary
  Zac Brown is a Principal Software Engineer at Red Canary focused on Blue Team Detection & Engineering. Prior to working at Red Canary, he worked for Microsoft on the Windows team and later the Office 365 Security Team. Zac likes long walks on the beach, operating systems internals, and working on compilers. In his non-existent free time, he enjoys spending time with his wife and dogs, reading, and cooking.

Links:

• https://wwhf18.sched.com/event/HSZU/see-sharper
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/See Sharper.mp4
• https://infocon.org/cons/Wild West Hackin Fest/Wild West Hackin Fest - Deadwood 2018/See Sharper.eng.srt (subtitles)

Similar Presentations:

• DEF CON China 1.0 (2019) / You are not hiding from me .NET
• Summercon 2014 / The Agony and the Ecstasy of .NET Application Exploitation
• DEF CON 23 (2015) / Hijacking Arbitrary .NET Application Control Flow