BYOI Payloads - Fusing the Power of .NET With a Scripting Language of Your Choosing

Explore the fusion of .NET with scripting languages in this 54-minute conference talk from 44CON Information Security Conference. Delve into the world of BYOI (Bring Your Own Interpreter) payloads as Marcello Salvati guides you through generating .NET assemblies, understanding interoperability, and embedding various scripting languages. Learn about common issues, examine code examples, and witness demonstrations of IronPython and ClearScript. Discover the power of built-in compilers, asynchronous execution, and Silent Trinity. Gain insights into how these techniques work and their potential impact on security. Conclude with a discussion on MiniDump and detection methods, equipping you with valuable knowledge for both offensive and defensive cybersecurity practices.

Introduction
Overview
Who am I
Agenda
Motivation
Generating NET Assembly
NET Assembly Format
NET Languages
Why C
Interoperability
Embedding
Common Issues
IronPython
Code Examples
Code Example
Invoke Jumpscare
Shell Code
Clear Script
Clear Script Demo
Other Scripting Languages
Builtin Compilers
Silent Trinity
Asynchronous
How It Works
Demo
MiniDump
Detection