YoVDO

Hacking .NET Applications - The Black Arts

Offered By: LASCON via YouTube

Tags

LASCON Courses Cybersecurity Courses Ethical Hacking Courses Reverse Engineering Courses Malware Analysis Courses

Course Description

Overview

Explore the dark arts of hacking .NET applications in this comprehensive conference talk from LASCON 2012. Delve into malware analysis, code review, and application penetration testing techniques. Learn how to overcome "secure" .NET applications, build keygens, cracks, hacks, and malware, and conduct reverse engineering for protection. Discover tools and methodologies for attacking .NET applications, including methods to flip checks, set values, cut logic, and fake system calls. Examine complex math attacks, static crypto key vulnerabilities, and various protection mechanisms such as code signing, strong names, and ACLs. Explore code obfuscation techniques, unmanaged calls, and methods to counter decompilation attempts. Gain insights into data collection, cryptographic key storage, and license number generation using MD5 hashing.

Syllabus

Intro
Training Malware Analysis Code Review Application Penetration Testing Custom Security Modification Research
How-To Attack .NET Applications Tools and Methodology of Attacking Overcome "secure" .NET Applications Building KeyGen/Crack/Hacks/Malware Reverse Engineering for Protection
If you know the enemy and know yourself, you need not fear the results of a hundred battles.
Flip The Check Set Value is "True" Cut The Logic Return True Access Value
1 Fake the Call SystemID = 123456789 2. Fake the Request 3. Fake the Reply Reg Code = 13V541 4. Win *Registered True
COMPLEX MATH 1. Chop up the Math 2. Attack the Weak 3. ?????????? 4. Profit
Static Crypto Key Vector init = 0 Clear TXT Password Storage
Protection - Security Signed code (1024 bit CRYPTO) Verify the creator Strong Names ACLS......... M$ stuff Try to SHUTDOWN Tampering
Code Obfuscation Logic Obfuscation Unmanaged calls...to C/C++/ASM Shells / Packers / Encrypted code Try to SHUTDOWN Decompilation
The Data sent home is Application Info User / Registartion Info Security / System Info
The Crypto Key is A Hard Coded Key The Licence Number A MD5 Hash of the Pass


Taught by

LASCON

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy