Difference between revisions of "Hacking .NET Applications at Runtime: A Dynamic Attack"

From OWASP
Jump to: navigation, search
(The presentation)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
== The presentation  ==
+
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
  
[[Image:Owasp_logo_normal.jpg|right]]What do you do when you get inside of a .Net program? This presentation will demonstrate taking full advantage of the .Net world from the inside. Once inside of a program don't just put in a key-logger, remold it! I will present how to infiltrate, evaluate, subvert, combine, and edit .Net applications at Runtime. The techniques demonstrated will focus on the modification of core logic in protected .Net programs.
+
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 +
== The presentation  ==
  
This will make almost every aspect of a target program susceptible to evaluation and change; and allow such hacks as the ability to intermix your favorite applications into a new Frankenstein App, compromise program level security, reverse engineer from memory, modify events, edit the GUI, hunt malware, get the code behind a button, and/or subvert program locks. Demo implementation and tools will be released.
+
[[Image:Jon_McCoy.jpg|right]]Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small and large scale businesses. Securing these applications is becoming increasingly important as they hold critical security features and intellectual property.
  
The coding techniques presented will be applicable well beyond compromising the security of a running program. These techniques will grant programmers a new level of access and control over any .Net code, as well as granting the ability to use and integrate with most any .Net application. Creating a development path to test and build 3rd party patches within .Net.
+
This presentation will cover techniques designed to penetrate and subvert protected .NET Applications at Runtime. Such techniques will access running .NET programs to takeover the Live Object Structure and allow it to be directly traversed, modified, and subverted. This in turn makes the core logic malleable. I will demonstrate infecting software and implement changes to facilitate reverse engineering, software analysis, malware research, third-party patches, and much more.
  
What I hope attendees will gain from the presentation?
+
This vector of attack is for the most part completely unstoppable on owned systems. Compiled program protections such as Wrappers, Encryption Shells, Obfuscation, Anti-Debugging... all do nothing to stop this type of attack, they can only slow it.
  
# An understanding of how this attack is done.
+
These techniques are carried out using core features in the .NET Framework, so no crazy ASM magic or obscure soon to be fixed API is used. If you are a .NET programmer and did not think you would make hacks under a managed world, this is your chance to brake-out and learn how to produce hard core attacks.  
# Insight into hardening software systems.
+
# New ideas on how .NET can be used as an attack or defense platform.
+
# A .Net programmer attending should gain the necessary skills to control most any .Net application.
+
  
What makes this technology covered valuable:
+
== Jon McCoy ==
# This attack utilizes (almost exclusively) .NET technology to MonkeyPatch, a relatively new and unexplored area of attacking.
+
# This technique grants a potentially faster & different development path for attacks.
+
# This attack grants easy and robust control over .NET programs.
+
  
== The speaker  ==
+
Jon McCoy has been working in .NET since v1.1. He enjoys bending the rules and finding different and new ways to utilize .Net.
  
Speaker bio will be posted shortly.
+
He is a software engineer, both self taught and classically trained. He spent more then 10 years programming C++, but has focused on C#(.NET) for the last 7 years.
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]

Latest revision as of 20:30, 13 October 2010

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

The presentation

Jon McCoy.jpg
Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small and large scale businesses. Securing these applications is becoming increasingly important as they hold critical security features and intellectual property.

This presentation will cover techniques designed to penetrate and subvert protected .NET Applications at Runtime. Such techniques will access running .NET programs to takeover the Live Object Structure and allow it to be directly traversed, modified, and subverted. This in turn makes the core logic malleable. I will demonstrate infecting software and implement changes to facilitate reverse engineering, software analysis, malware research, third-party patches, and much more.

This vector of attack is for the most part completely unstoppable on owned systems. Compiled program protections such as Wrappers, Encryption Shells, Obfuscation, Anti-Debugging... all do nothing to stop this type of attack, they can only slow it.

These techniques are carried out using core features in the .NET Framework, so no crazy ASM magic or obscure soon to be fixed API is used. If you are a .NET programmer and did not think you would make hacks under a managed world, this is your chance to brake-out and learn how to produce hard core attacks.

Jon McCoy

Jon McCoy has been working in .NET since v1.1. He enjoys bending the rules and finding different and new ways to utilize .Net.

He is a software engineer, both self taught and classically trained. He spent more then 10 years programming C++, but has focused on C#(.NET) for the last 7 years.