
Hacking .NET Applications - The Black Arts

Offered By: LASCON via YouTube


Course Description

Overview

Explore the dark arts of hacking .NET applications in this comprehensive conference talk from LASCON 2012. Delve into malware analysis, code review, and application penetration testing techniques. Learn how to overcome "secure" .NET applications, build keygens, cracks, hacks, and malware, and conduct reverse engineering for protection. Discover tools and methodologies for attacking .NET applications, including methods to flip checks, set values, cut logic, and fake system calls. Examine complex math attacks, static crypto key vulnerabilities, and various protection mechanisms such as code signing, strong names, and ACLs. Explore code obfuscation techniques, unmanaged calls, and methods to counter decompilation attempts. Gain insights into data collection, cryptographic key storage, and license number generation using MD5 hashing.

Syllabus

Intro
Training Malware Analysis Code Review Application Penetration Testing Custom Security Modification Research
How-To Attack .NET Applications Tools and Methodology of Attacking Overcome "secure" .NET Applications Building KeyGen/Crack/Hacks/Malware Reverse Engineering for Protection
If you know the enemy and know yourself, you need not fear the results of a hundred battles.
Flip The Check Set Value is "True" Cut The Logic Return True Access Value
1. Fake the Call SystemID = 123456789 2. Fake the Request 3. Fake the Reply Reg Code = 13V541 4. Win *Registered True
COMPLEX MATH 1. Chop up the Math 2. Attack the Weak 3. ?????????? 4. Profit
Static Crypto Key Vector init = 0 Clear TXT Password Storage
Protection - Security Signed code (1024 bit CRYPTO) Verify the creator Strong Names ACLS......... M$ stuff Try to SHUTDOWN Tampering
Code Obfuscation Logic Obfuscation Unmanaged calls...to C/C++/ASM Shells / Packers / Encrypted code Try to SHUTDOWN Decompilation
The Data sent home is Application Info User / Registration Info Security / System Info
The Crypto Key is A Hard Coded Key The Licence Number An MD5 Hash of the Pass


Taught by

LASCON
