This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Hacking .NET Applications at Runtime: A Dynamic Attack"
Mark.bristow (talk | contribs) (Created page with '== The presentation == rightWhat do you do when you get inside of a .Net program? This presentation will demonstrate taking full advantage of th…') |
Mark.bristow (talk | contribs) (→The presentation) |
||
| Line 1: | Line 1: | ||
== The presentation == | == The presentation == | ||
| − | [[Image:Owasp_logo_normal.jpg|right]]What do you do when you get inside of a .Net program? This presentation will demonstrate taking full advantage of the .Net world from the inside. Once inside of a program don | + | [[Image:Owasp_logo_normal.jpg|right]]What do you do when you get inside of a .Net program? This presentation will demonstrate taking full advantage of the .Net world from the inside. Once inside of a program don't just put in a key-logger, remold it! I will present how to infiltrate, evaluate, subvert, combine, and edit .Net applications at Runtime. The techniques demonstrated will focus on the modification of core logic in protected .Net programs. |
This will make almost every aspect of a target program susceptible to evaluation and change; and allow such hacks as the ability to intermix your favorite applications into a new Frankenstein App, compromise program level security, reverse engineer from memory, modify events, edit the GUI, hunt malware, get the code behind a button, and/or subvert program locks. Demo implementation and tools will be released. | This will make almost every aspect of a target program susceptible to evaluation and change; and allow such hacks as the ability to intermix your favorite applications into a new Frankenstein App, compromise program level security, reverse engineer from memory, modify events, edit the GUI, hunt malware, get the code behind a button, and/or subvert program locks. Demo implementation and tools will be released. | ||
Revision as of 22:44, 16 September 2010
The presentation
This will make almost every aspect of a target program susceptible to evaluation and change; and allow such hacks as the ability to intermix your favorite applications into a new Frankenstein App, compromise program level security, reverse engineer from memory, modify events, edit the GUI, hunt malware, get the code behind a button, and/or subvert program locks. Demo implementation and tools will be released.
The coding techniques presented will be applicable well beyond compromising the security of a running program. These techniques will grant programmers a new level of access and control over any .Net code, as well as granting the ability to use and integrate with most any .Net application. Creating a development path to test and build 3rd party patches within .Net.
What I hope attendees will gain from the presentation?
- An understanding of how this attack is done.
- Insight into hardening software systems.
- New ideas on how .NET can be used as an attack or defense platform.
- A .Net programmer attending should gain the necessary skills to control most any .Net application.
What makes this technology covered valuable:
- This attack utilizes (almost exclusively) .NET technology to MonkeyPatch, a relatively new and unexplored area of attacking.
- This technique grants a potentially faster & different development path for attacks.
- This attack grants easy and robust control over .NET programs.
The speaker
Speaker bio will be posted shortly.
