This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Hacking .NET Applications at Runtime: A Dynamic Attack

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Jon McCoy.jpg
Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small and large scale businesses. Securing these applications is becoming increasingly important as they hold critical security features and intellectual property.

This presentation will cover techniques designed to penetrate and subvert protected .NET Applications at Runtime. Such techniques will access running .NET programs to takeover the Live Object Structure and allow it to be directly traversed, modified, and subverted. This in turn makes the core logic malleable. I will demonstrate infecting software and implement changes to facilitate reverse engineering, software analysis, malware research, third-party patches, and much more.

This vector of attack is for the most part completely unstoppable on owned systems. Compiled program protections such as Wrappers, Encryption Shells, Obfuscation, Anti-Debugging... all do nothing to stop this type of attack, they can only slow it.

These techniques are carried out using core features in the .NET Framework, so no crazy ASM magic or obscure soon to be fixed API is used. If you are a .NET programmer and did not think you would make hacks under a managed world, this is your chance to brake-out and learn how to produce hard core attacks.

Jon McCoy

Jon McCoy has been working in .NET since v1.1. He enjoys bending the rules and finding different and new ways to utilize .Net.

He is a software engineer, both self taught and classically trained. He spent more then 10 years programming C++, but has focused on C#(.NET) for the last 7 years.