Quick Retooling in .NET for Red Teams
Offered By: YouTube
Course Description
Overview
Explore offensive reconnaissance and live retooling techniques for red teams in this conference talk from Circle City Con 5.0. Learn about strategic and tactical purposes of retooling, current mechanisms, and advantages of using .NET. Discover how to apply CodeDom, utilize APIs, and implement dynamic compilation. Examine disadvantages and explore CSS extensions, temporary DLLs, in-memory generation, and process monitoring. Delve into removing artifacts, deleting files, application domains, and interop. Investigate compile-time locks, dynamic retooling, and dynamic linking runtime. Explore Python integration, DLR, assembly DLLs, and using code as payload. Gain insights on invalid DLL dependencies, loading DLLs from resources, and various build block ideas including .NET modules, reflection, memory mapping, and zip archives. Cover C#, IronPython, PowerShell, and managed execution toolkit concepts. Conclude with application whitelisting and a proof of concept demonstration.
Syllabus
Introduction
Outline
Offensive Recon
Live Retooling
Strategic Purpose
Tactical Purpose
Current Mechanisms
.NET Advantages
Applying CodeDom
Using the API
Seesaw
Dynamic Compilation
Disadvantages
CSS Extensions
Temporary DLL
Generate in Memory
Process Monitor
Removing artifacts
Deleting files
Application Domains
Interop
Compile Time Lock
Dynamic Retool
Why not compile
Review
Dynamic Linking Runtime
Python
Python Code
DLR
Assembly DLL
Python R
Code as payload
Invalid dll dependency
Load DLL from resources
Build Block Ideas
.NET Modules
Config
Reflection
Memory Map
Zip Archive
CSharp
IronPython
PowerShell
Delirium
Managed Execution Toolkit
Application Whitelisting
Proof of Concept