Topher Timzen & Ryan Allen - Hijacking Arbitrary .NET Application Control Flow - 101 Track

Materials Available Here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-UPDATED.pdf Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf Additional Materials: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Acquiring-NET-Objects-From-The-Managed-Heap.pdf Hijacking Arbitrary .NET Application Control Flow Topher Timzen Security Researcher - Intel White paper available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Topher Timzen & Ryan Allen - UPDATED/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher Timzen has had a research emphasis on reverse engineering malware, incident response and exploit development. He has instructed college courses in malware analysis and memory forensics while managing a cybersecurity research lab. Focusing on .NET memory hijacking, he has produced tools that allow for new post exploitation attack sequences. Topher is currently a Security Researcher at Intel. Twitter: @TTimzen

There are no comments yet.

Please log in to write the first comment.