Hacking .NET Applications at Runtime: A Dynamic Attack

From OWASP
Revision as of 20:30, 13 October 2010 by Mark.bristow (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

The presentation

Jon McCoy.jpg
Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small and large scale businesses. Securing these applications is becoming increasingly important as they hold critical security features and intellectual property.

This presentation will cover techniques designed to penetrate and subvert protected .NET Applications at Runtime. Such techniques will access running .NET programs to takeover the Live Object Structure and allow it to be directly traversed, modified, and subverted. This in turn makes the core logic malleable. I will demonstrate infecting software and implement changes to facilitate reverse engineering, software analysis, malware research, third-party patches, and much more.

This vector of attack is for the most part completely unstoppable on owned systems. Compiled program protections such as Wrappers, Encryption Shells, Obfuscation, Anti-Debugging... all do nothing to stop this type of attack, they can only slow it.

These techniques are carried out using core features in the .NET Framework, so no crazy ASM magic or obscure soon to be fixed API is used. If you are a .NET programmer and did not think you would make hacks under a managed world, this is your chance to brake-out and learn how to produce hard core attacks.

Jon McCoy

Jon McCoy has been working in .NET since v1.1. He enjoys bending the rules and finding different and new ways to utilize .Net.

He is a software engineer, both self taught and classically trained. He spent more then 10 years programming C++, but has focused on C#(.NET) for the last 7 years.