Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

•Download as PPTX, PDF•

1 like•919 views

This document contains the notes from a presentation titled "Hacking .NET Applications: The Black Arts" given by Jon McCoy at AppSec USA 2014 in Denver, Colorado. The presentation covered attacking .NET applications by decompiling code, injecting code at runtime, exploiting weaknesses in validation checks, replaying registration codes, and cracking hardcoded crypto keys. It also discussed protections like obfuscation and discussed the risks of data leaks, weak crypto, and clear text password storage.

Technology

AppSec USA 2014
Denver, Colorado
Hacking .NET Applications:
The Black Arts
AppSec – USA – 2014
Jon McCoy

2
DenHac - DenHac.ORG
Monday 8:00
700 Kalamath St. Denver CO

3
WHAT IS .NET?
NOT Microsoft
Cross Platform
Next Step From C++/JAVA
FUTURE COMPATIBLE
PLATFORM INDEPENDENT

16
IL – Intermediate Language
Code of the Matrix |||| NEW ASM

17
DECOMPILE
C# - 13 LINES
LINES
C# - 15
IL - 34
ASM - 77

18
C# -IL1 5- 34
ASM - 77
HOW MUCH CODE DO YOU
NEED TO READ`

Attacking/Cracking
IN MEM |||| ON DISK
19

20
ATTACKING .NET
ATTACK
THE CODE ON DISK

22
ASM Attacking
Basics of ASM in .NET
Demo

26
ATTACKING .NET
APPLICATIONS: AT RUNTIME

28
ATTACKING .NET
ATTACK WHILE
THE APP IS RUNNING

31
BAD IDEA
Some Things Are Just A Bad Idea!!!

32
101 - ATTACK ON DISK
Connect/Open - Access Code
Decompile - Get code/tech
Infect - Change the target's code
Exploit - Take advantage
Remold/Recompile - WIN

33
THE WEAK SPOTS
Flip The Check
Set Value is “True”
Cut The Logic
Return True
Access Value

34
SET F VLAIPL U TEH ET OC H “TERCUKE”
bool Registered = ftfraullssee;;;
IIff((aa!=====bbb)))

35
RETURN TRUE
bool IsRegistered()
{
Return TRUE;
........................
}

36
CUT THE LOGIC
string sqlClean(string x)
{
Return x;
}

37
CRACK THE KEY
Public/Private
3/B==Name*ID*7
Call Server
Demo = True;
Complex Math
==
==
==
==
== Complex Math
Change Key
ASK what is /B?
Hack the Call
Set Value
1% of the time the KeyGen is given

38
PUBLIC/PRIVATE KEY
If you can beat them
Why join them
Key = “F5PA11JS32DA”
Key = “123456ABCDE”

Reg Code = f3V541
39
SERVER CALL
1. Fake the Call
2. Fake the Request
3. Fake the Reply
4. Win
“Send”
SystemID = 123456789
*Registered = True*

40
REG CODE REPLAY
Name:
JON DOE
Code: ==
98qf3uy
!=
5G*C9P3
FAIL

42
REG CODE REPLAY
Name:
JON DOE
Code: ==
5G9P3
5G*C9P3
WIN

43
COMPLEX MATH
1. Chop up the Math
2. Attack the Weak
3. ??????????
4. Profit

44
WHAT STOPS THIS?
What is the security?

PROTECTION ON DISK
Protection - Security by 0b$cur17y
45
Code Obfuscation
Logic Obfuscation
Unmanaged calls…to C/C++/ASM
Shells / Packers / Encrypted(code)
Try to SHUTDOWN
Decompilation

48
PROTECTION ON DISK
0bfu$ca7ed
DEMO
FAIL

51
PROTECTION ON DISK
Shells
Pack/Encrypt the EXE

52
IT CAN BE THAT EZ
‘’TT
What is the security?

54
ATTACK VECTOR
VISUAL STUDIO
Exploit – Run arbitrary code
First noted in 2004
Get developer Keys
Attack the SVN & DB
www.pretentiousname.com/misc/
win7_uac_whitelist2.html

57
SECURITY
The Login security check is
Does A == B
Does MD5%5 == X
Is the Pass the Crypto Key

58
DATA LEAK
The Data sent home is
Application Info
User / Registartion Info
Security / System Info

59
KEY
The Crypto Key is
A Hard Coded Key
The Licence Number
A MD5 Hash of the Pass
6Salt 6MD5 Hash of the Pass

60
CRYPTO
The Crypto is
DES 64
Tripple DES 192
Rijndael AES 256
Home MIX (secure/unsecure)

62
MORE INFORMATION @:
www.DigitalBodyGuard.com
JonM@DigitalBodyGuard.com
Jon McCoy

63
HACK THE LOGIN
DEMO
PASS THE KEY
SHOW THE KEY

64
HACK THE KEY
DEMO
APPSEC-USA 2011
999ca10a050f4bdb31f7e1f39d9a0dda

65
Encrypted Data
Static Crypto Key
Vector init = 0
Clear TXT Password Storage

Patrick Sayler discusses using Amazon Connect to automate social engineering via phone calls. Amazon Connect allows for easy setup of an automated phone system that supports inbound and outbound calls, audio recording, call routing, and integration with other AWS services. Sayler demonstrates how this could be used for attacks like SMS phishing, email phishing with phone follow-up, and making outbound distraction calls to bypass receptionists. The system provides scalability, centralized management of recordings and data, and opportunities for additional automation through services like Lex, Lambda, and Transcribe.

Automated Social Engineering for the Antisocial Engineer

Patrick Sayler

While modern technical controls and protections can thwart basic phishing attempts, phone communication remains a lucrative avenue for would-be attackers. This is a typical route used to gain a foothold into an environment via an unsuspecting employee. However, this time-consuming manual process makes documenting and utilizing your social engineering results difficult. Fortunately, existing interactive voice response (IVR) technology can help solve this problem. While these systems are typically used to assist people, we could also leverage them to attack. The abundance of cloud-based services makes this easy to accomplish and even easier to expand upon with your own custom scenarios, all while capturing respondent information. This presentation will cover how to take existing, off-the-shelf tools and configure them to build your own social engineering “robot”.

kranonit S04E02 Кирил Jstor: Hacking .NET applications

Krivoy Rog IT Community

This document discusses hacking .NET applications by accessing and attacking the runtime structure. It describes tools like payloads, Metasploit, decompilers and IDA Pro that can be used. The attack process involves modifying runtime objects like the GUI to instantiate new features and access code. Specific tasks discussed include connecting to databases, finding and moving between objects, and changing objects. A demo is provided of injecting code to exploit the target application and infect the .NET framework. Benefits discussed include bug hunting, flexible programs, and custom defensive payloads.

OWASP Ireland June Chapter Meeting - Paul Mooney on ARMOR & CSRF

Paul Mooney

Hta r33

SelectedPresentations

This document discusses exploiting vulnerabilities in PHP systems used by cybercriminals to manage exploit kits. It describes how exploit kits work and why attackers use PHP, noting that PHP systems often lack security protections. It then details methods for bypassing authentication on several exploit kit systems, including brute force cracking weak passwords, and exploiting vulnerabilities after authentication to gain remote code execution on the attackers' systems. Specific vulnerabilities are demonstrated for the Phoenix, Blackhole 2, and Sakura exploit kits. The document concludes that even exploit kits themselves can be vulnerable to "PHP injections" and other attacks given the large attack surface exposed after authentication.

0x01 - Breaking into Linux VMs for Fun and Profit

Russell Sanford

Introduction to Public Key Cryptography

Kelley Robinson

This document provides an introduction to public key cryptography. It explains that public key crypto uses two keys - a public key that can be shared and a private key that is kept secret. The document discusses how public key crypto works using RSA encryption as an example. It also covers other common public key crypto algorithms like Diffie-Hellman key exchange and elliptic curve cryptography. The document discusses key sizes and their relationship to security strength and provides examples of public key crypto implementations in Python.

Reverse code engineering

Krishs Patil

The document discusses bypassing address space layout randomization (ASLR) on Linux. It begins with a refresher on buffer overflows and modern protections like ASLR and DEP. It then explores finding fixed addresses in the .text section that are not subject to ASLR to redirect execution, such as calls and jumps to registers. The document shows searching binaries for these instruction sequences and checking register values to leverage them for exploiting a vulnerable program while ASLR is enabled.

Code Red Security

Amr Ali

The document discusses various techniques for deception and bypassing security checks, including: 1) Using iptables and the TARPIT and DELUDE targets to deceive port scanners by simulating open ports or terminating connections. 2) Writing x64 shellcode and understanding differences from x86 in CPU registers and the kernel ABI. 3) Performing DL-injection attacks by injecting a dynamic library to override functions like getuid() and bypass authentication. 4) Demonstrating process hijacking using ptrace() to inject shellcode and escalate privileges. 5) Mounting a local privilege escalation attack after gaining initial user access.

Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...

Cristofaro Mune

This talk has been presented at Microsoft BlueHat IL 2019 security conference, by Niek Timmers, Albert Spruyt and Cristofaro Mune. Secure boot is the fundamental building block of the security implemented in a large variety of devices. From mobile phones, to Internet of Things (IoT) or Electronic Control Units (ECUs) found in modern cars. In this talk we focus on software and hardware attacks that may be carried on against Secure Boot implementations. We leverage our decade long experience in reviewing and attacking secure boot on embedded devices from different industries After a brief introduction, an overview of common attack patterns is provided, by discussing real vulnerabilities, exploits and attacks as case studies. We then discuss two new attacks, not discussed or demonstrated before, with the purpose of bringing new insights. The first one, takes place before CPU is even started, showing that a larger attack surface than usually explored is available. This also shows that FI can affect pure HW implementations, with no SW involved. The second one is an Encrypted Secure Boot bypass, yielding direct code execution. It is performed by using Fault Injection only and with a single glitch. Contrary to common beliefs, we show that FI-only attacks are possible against an Encrypted Secure Boot implementation, without requiring any encryption key. This shows that the need of reconsidering FI attacks impact and that encrypting boot stages alone is not a sufficient FI countermeasure. We also discuss countermeasures and possible mitigations throughout the whole presentation. With this talk, we hope to bring innovative and fresh material to a topic, which is a cornerstone of modern Product Security. The presentation at BlueHat IL 2019 featured the live demo of an Encrypted Secure Boot bypass attack.

Power of linked list

Peter Hlavaty

XCon 2014 => http://xcon.xfocus.org/ In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough. In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.

Playing CTFs for Fun & Profit

impdefined

This document discusses playing wargames and capture the flag (CTF) competitions for fun and learning. It recommends starting with wargames to gain hands-on experience with a variety of hacking challenges. CTF competitions are described as team-based events where players race to capture digital flags by solving technical security puzzles within time limits. The document shares experiences from CTF competitions, including exploiting vulnerabilities like SQL injection, buffer overflows, and command injection. It provides advice on useful tools and recommends starting CTFs and wargames for their educational benefits.

Defeating the entropy downgrade attack

Seth Wahle

This document discusses an entropy downgrade attack and provides solutions to strengthen a system's entropy and random number generation. It explains that computers have limited entropy for generating strong cryptographic keys. An attacker can force a system to generate keys using less entropy, making the keys easier to crack. The document recommends increasing the entropy pool size, optimizing entropy collection, using hardware entropy sources, and caching previously generated strong primes to strengthen a system against this attack. It provides code examples and tools to help implement these solutions.

Buffer Overflow - Smashing the Stack

ironSource

ironSource's security application expert, Tomer Zait, shares his insights on engineering in the stack. Tomer, an Ort Singalovsky alumnus himself, gave this presentation to the Ort Singalovsky students on their tour of ironSource's headquarters in Tel Aviv. Want to learn more about ironSource? Visit our website: www.ironsrc.com Follow us on Twitter @ironSource ironSource is looking for new talent! Check out our openings: http://bit.ly/Work-at-ironSource

Cryptography and network security

patisa

This document provides an overview of cryptography including: 1. Cryptography is the process of encoding messages to protect information and ensure confidentiality, integrity, authentication and other security goals. 2. There are symmetric and asymmetric encryption algorithms that use the same or different keys for encryption and decryption. Examples include AES, RSA, and DES. 3. Other techniques discussed include digital signatures, visual cryptography, and ways to implement cryptography like error diffusion and halftone visual cryptography.

OIVM

Adwiteeya Agrawal

This document describes a project to develop a model that can slow down software cracking and reversing. It discusses implementing a virtual machine with a customized instruction set and porting encryption and packing routines. The system design includes 7 registers, a stack, and 183 instructions across 11 categories. Implementation details and tests are provided, showing difficulty reversing the obfuscated code. Future work ideas include adding anti-debugging and randomization.

Cryptography

Suhepi Saputri

This document provides an introduction to cryptography. It discusses the basic terms, notations, and structures of cryptography including private and public key cryptography examples. It also discusses modern secret key ciphers, encryption, attacks on ciphers, and the design of private key ciphers. The document contains examples of the Caesar cipher and a toy example of private and public key cryptography. It outlines principles of private key encryption and applications of modern cryptography.

Advanced System Security and Digital Forensics

Dr. Ramchandra Mangrulkar

The document describes experiments related to system security and digital forensics. The first experiment involves using static code analysis tools like RATS and Flawfinder to analyze code samples for vulnerabilities. The second experiment describes installing and using the vulnerability scanner Nessus to scan systems for known vulnerabilities. The third experiment explores using the website copier HTTrack to download a website from the internet to a local directory while preserving the directory structure and links. The fourth experiment demonstrates configuring router security using passwords and access lists on Cisco Packet Tracer to filter traffic between VLANs and networks.

Automotive Cybersecurity: Test Like a Hacker

ForAllSecure

Learn the techniques used by award-winning hacking teams (as well as in some real-world attacks) to identify and exploit vulnerabilities in OEM components and other automotive software. This presentation covers fundamental principles, as well as how to easily incorporate these techniques into unit or functional test stages - bringing an extra layer of protection to connected automobiles. We'll cover both how to best fit this type of testing into your pipeline to maximize speed and coverage, as well as discuss how to fit this offensive cyber security approach alongside your existing vulnerability scanning programs. Whether you're a vehicle manufacturer, integrator, or OEM - we'll discuss how to leverage hacking-based security techniques to improve protection across the supply chain and keep vehicles and drivers safer. What we'll cover: - Successful exploits of components and vehicles - what these attacks had in common - Layering offensive techniques atop existing security programs - what to do and what to avoid - How to test integrated systems with multiple components from different OEMs working in tandem - Integrating offensive testing into different stages in software development and component integration Originally presented at https://www.automotive-iq.com/events-automotive-cybersecurity

Hack your db before the hackers do

fangjiafu

This document discusses how to protect databases from SQL injection vulnerabilities by fuzz testing databases to find vulnerabilities before hackers do. It covers common SQL injection techniques like in-band and out-of-band injection. It then describes how to build a custom fuzzer using PL/SQL to fuzz test databases, track results, discover vulnerable code, invoke code with test parameters, and report findings. The document demonstrates how fuzz testing can find real vulnerabilities and provides examples of an interface and secure coding techniques to help prevent vulnerabilities.

Richard wartell malware is hard. let's go shopping!!

Shakacon

Writing a successful, protected, targeted, malicious binary is a software development task that requires great skill. A well-written piece of targeted malware should evade anti-virus solutions, hide its network communications, protect itself against reverse engineering, and clean up any forensic evidence of its existence on the system. However, writing a mediocre piece of targeted malware that works most of the time is easy. There are many publicly available backdoors, downloaders, and keyloggers that require little to no expertise to use, and poorly trained malware authors try to roll their own all the time. Working in malware detection and reverse engineering, I see some of the intelligent choices malware authors make, but more often I see the hilariously poor code they write. During this talk I will demonstrate how to reverse engineer real world malware. I will focus on samples with interesting and comical mistakes, as well as samples that are impressive and well written.

Eight simple rules to writing secure PHP programs

Aleksandr Yampolskiy

This document provides eight rules for writing secure PHP programs: 1. Use proper cryptography and do not invent your own algorithms. 2. Validate all input from external sources before using. 3. Sanitize data sent to databases or other systems to prevent injection attacks. 4. Avoid leaking sensitive information through error messages or other means. 5. Properly manage user sessions to prevent hijacking and ensure users remain authenticated. 6. Enforce authentication and authorization separately using least privilege. 7. Use SSL/TLS to encrypt all authenticated or sensitive communications. 8. Keep security straightforward and avoid relying on obscurity.

Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...

Vincenzo Iozzo

Charlie Miller and Vincenzo Iozzo presented techniques for post-exploitation on the iPhone 2 including: 1. Running arbitrary shellcode by overwriting memory protections and calling vm_protect to mark pages as read/write/executable. 2. Loading an unsigned dynamic library called Meterpreter by mapping it over an existing signed library, patching dyld to ignore code signing, and forcing unloaded of linked libraries. 3. Adding new functionality to Meterpreter, such as a module to vibrate and play a sound on the iPhone, demonstrating how payloads can be extended once loaded into memory.

DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...

Felipe Prado

The document discusses findings from analyzing the web interfaces and firmware of various VoIP phone models. Several vulnerabilities were found, including: - Cross-site scripting (XSS) in AudioCodes 405HD phone web interface allowing injection of scripts - Information leakage in Gigaset Maxwell Basic phone web interface revealing if an admin is logged in - Authentication bypass in Gigaset Maxwell Basic phone by manipulating the session token The methodology involved analyzing phone web traffic, extracting and emulating firmware, and investigating code like PHP files. Many phones were found to have weaknesses in their cryptography implementation or use of plaintext credentials.

Data Encryption at Rest

All Things Open

不深不淺，帶你認識 LLVM (Found LLVM in your life)

Douglas Chen

如果你問我什麼是LLVM，我會想說它是 Compiler 界的 iPhone，當年會做手機的公司這麼多，偏偏 Apple 這個後來者不但居上，還引領手機概念的風潮。LLVM 也正是這個角色，我們的生活愈來愈多產品的開發都與 LLVM 息息相關。它不只「炫」還很「屌」，這幾年 Apple, Google, Microsoft 一個個開始都有大型專案使用到 LLVM，在領域面只要與編譯器有相關從Machine Learning, RISC-V, JVM, Virtual Machine, Blockchain 都運用了 LLVM，科技進步成這樣了，你還能不知道什麼是 LLVM 嗎！

Onward15

sarah_nadi

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Jason Yip

The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.

The Microsoft 365 Migration Tutorial For Beginner.pptx

operationspcvita

Similar to Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

07 - Bypassing ASLR, or why X^W matters

Alexandre Moneger

Code Red Security

Amr Ali

Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...

Cristofaro Mune

Power of linked list

Peter Hlavaty

Playing CTFs for Fun & Profit

impdefined

Defeating the entropy downgrade attack

Seth Wahle

Buffer Overflow - Smashing the Stack

ironSource

Cryptography and network security

patisa

OIVM

Adwiteeya Agrawal

Cryptography

Suhepi Saputri

Advanced System Security and Digital Forensics

Dr. Ramchandra Mangrulkar

Automotive Cybersecurity: Test Like a Hacker

ForAllSecure

Hack your db before the hackers do

fangjiafu

Richard wartell malware is hard. let's go shopping!!

Shakacon

Eight simple rules to writing secure PHP programs

Aleksandr Yampolskiy

Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...

Vincenzo Iozzo

DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...

Felipe Prado

Data Encryption at Rest

All Things Open

不深不淺，帶你認識 LLVM (Found LLVM in your life)

Douglas Chen

Onward15

sarah_nadi

Similar to Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3) (20)

07 - Bypassing ASLR, or why X^W matters

Code Red Security

Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...

Power of linked list

Playing CTFs for Fun & Profit

Defeating the entropy downgrade attack

Buffer Overflow - Smashing the Stack

Cryptography and network security

OIVM

Cryptography

Advanced System Security and Digital Forensics

Automotive Cybersecurity: Test Like a Hacker

Hack your db before the hackers do

Richard wartell malware is hard. let's go shopping!!

Eight simple rules to writing secure PHP programs

Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...

DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...

Data Encryption at Rest

不深不淺，帶你認識 LLVM (Found LLVM in your life)

Onward15

Recently uploaded

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Jason Yip

The Microsoft 365 Migration Tutorial For Beginner.pptx

operationspcvita

Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...

manji sharman06

MySQL InnoDB Storage Engine: Deep Dive - Mydbops

Mydbops

This presentation, titled "MySQL - InnoDB" and delivered by Mayank Prasad at the Mydbops Open Source Database Meetup 16 on June 8th, 2024, covers dynamic configuration of REDO logs and instant ADD/DROP columns in InnoDB. This presentation dives deep into the world of InnoDB, exploring two ground-breaking features introduced in MySQL 8.0: • Dynamic Configuration of REDO Logs: Enhance your database's performance and flexibility with on-the-fly adjustments to REDO log capacity. Unleash the power of the snake metaphor to visualize how InnoDB manages REDO log files. • Instant ADD/DROP Columns: Say goodbye to costly table rebuilds! This presentation unveils how InnoDB now enables seamless addition and removal of columns without compromising data integrity or incurring downtime. Key Learnings: • Grasp the concept of REDO logs and their significance in InnoDB's transaction management. • Discover the advantages of dynamic REDO log configuration and how to leverage it for optimal performance. • Understand the inner workings of instant ADD/DROP columns and their impact on database operations. • Gain valuable insights into the row versioning mechanism that empowers instant column modifications.

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels

Northern Engraving

Northern Engraving | Nameplate Manufacturing Process - 2024

Northern Engraving

Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!

Christine's Product Research Presentation.pptx

christinelarrosa

ScyllaDB Tablets: Rethinking Replication

ScyllaDB

ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.

PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx

christinelarrosa

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

DianaGray10

Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more. The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications. We’ll discuss and demo the benefits of UiPath Apps and connectors including: Creating a compelling user experience for any software, without the limitations of APIs. Accelerating the app creation process, saving time and effort Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management. Speakers: Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP Charlie Greenberg, host

Leveraging the Graph for Clinical Trials and Standards

Neo4j

Apps Break Data

Ivo Velitchkov

How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?

Day 2 - Intro to UiPath Studio Fundamentals

UiPathCommunity

In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project. 📕 Detailed agenda: Variables and Datatypes Workflow Layouts Arguments Control Flows and Loops Conditional Statements 💻 Extra training through UiPath Academy: Variables, Constants, and Arguments in Studio Control Flow in Studio

"$10 thousand per minute of downtime: architecture, queues, streaming and fin...

Fwdays

Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless. As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency. We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.

Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck

FilipTomaszewski5

Introducing BoxLang : A new JVM language for productivity and modularity!

Ortus Solutions, Corp

Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang. Dynamic. Modular. Productive. BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems. Interoperability at its Core With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration. Multi-Runtime From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime. The Fusion of Modernity and Tradition Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers. Empowering Transition with Transpiler Support Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments. Unlocking Creativity with IDE Tools Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.

Dandelion Hashtable: beyond billion requests per second on a commodity server

Antonios Katsarakis

This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).

Containers & AI - Beauty and the Beast!?!

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real. Keywords: AI, Containeres, Kubernetes, Cloud Native Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211

GNSS spoofing via SDR (Criptored Talks 2024)

Javier Junquera

In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security. This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing. The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.

Mutation Testing for Task-Oriented Chatbots

Pablo Gómez Abajo

Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots. To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.

Recently uploaded (20)

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

The Microsoft 365 Migration Tutorial For Beginner.pptx

Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...

MySQL InnoDB Storage Engine: Deep Dive - Mydbops

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels

Northern Engraving | Nameplate Manufacturing Process - 2024

Christine's Product Research Presentation.pptx

ScyllaDB Tablets: Rethinking Replication

PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

Leveraging the Graph for Clinical Trials and Standards

Apps Break Data

Day 2 - Intro to UiPath Studio Fundamentals

"$10 thousand per minute of downtime: architecture, queues, streaming and fin...

Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck

Introducing BoxLang : A new JVM language for productivity and modularity!

Dandelion Hashtable: beyond billion requests per second on a commodity server

Containers & AI - Beauty and the Beast!?!

GNSS spoofing via SDR (Criptored Talks 2024)

Mutation Testing for Task-Oriented Chatbots

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

1. AppSec USA 2014 Denver, Colorado Hacking .NET Applications: The Black Arts AppSec – USA – 2014 Jon McCoy

2. 2 DenHac - DenHac.ORG Monday 8:00 700 Kalamath St. Denver CO

3. 3 WHAT IS .NET? NOT Microsoft Cross Platform Next Step From C++/JAVA FUTURE COMPATIBLE PLATFORM INDEPENDENT

4. 4 HACKER VS ATTACKER

5. 5

6. 6 NOT AMS LEVEL

7. 7 IDA PRO WHY NOT IDA?

8. 8 IDA PRO

9. 9 BACK WHEN

10. 10 BACK WHEN

11. 11 BUT….

12. 12 NOT IDA PRO

13. 13

14. 14

15. 15 NOT IDA PRO

16. 16 IL – Intermediate Language Code of the Matrix |||| NEW ASM

17. 17 DECOMPILE C# - 13 LINES LINES C# - 15 IL - 34 ASM - 77

18. 18 C# -IL1 5- 34 ASM - 77 HOW MUCH CODE DO YOU NEED TO READ`

19. Attacking/Cracking IN MEM |||| ON DISK 19

20. 20 ATTACKING .NET ATTACK THE CODE ON DISK

21. 21 ATTACKING ON DISK

22. 22 ASM Attacking Basics of ASM in .NET Demo

23. 23

24. 24 AMS

25. 25 GRAYWOLF ON DISK EDIT

26. 26 ATTACKING .NET APPLICATIONS: AT RUNTIME

27. 27 GRAYDRAGON INJECTION

28. 28 ATTACKING .NET ATTACK WHILE THE APP IS RUNNING

29. 29 Run and Inject SECURITY SYSTEMS

30. 30

31. 31 BAD IDEA Some Things Are Just A Bad Idea!!!

32. 32 101 - ATTACK ON DISK Connect/Open - Access Code Decompile - Get code/tech Infect - Change the target's code Exploit - Take advantage Remold/Recompile - WIN

33. 33 THE WEAK SPOTS Flip The Check Set Value is “True” Cut The Logic Return True Access Value

34. 34 SET F VLAIPL U TEH ET OC H “TERCUKE” bool Registered = ftfraullssee;;; IIff((aa!=====bbb)))

35. 35 RETURN TRUE bool IsRegistered() { Return TRUE; ........................ }

36. 36 CUT THE LOGIC string sqlClean(string x) { Return x; }

37. 37 CRACK THE KEY Public/Private 3/B==Name*ID*7 Call Server Demo = True; Complex Math == == == == == Complex Math Change Key ASK what is /B? Hack the Call Set Value 1% of the time the KeyGen is given

38. 38 PUBLIC/PRIVATE KEY If you can beat them Why join them Key = “F5PA11JS32DA” Key = “123456ABCDE”

39. Reg Code = f3V541 39 SERVER CALL 1. Fake the Call 2. Fake the Request 3. Fake the Reply 4. Win “Send” SystemID = 123456789 *Registered = True*

40. 40 REG CODE REPLAY Name: JON DOE Code: == 98qf3uy != 5G*C9P3 FAIL

41. 41 REG CODE REPLAY Name: Code: *C 5G9P3

42. 42 REG CODE REPLAY Name: JON DOE Code: == 5G9P3 5G*C9P3 WIN

43. 43 COMPLEX MATH 1. Chop up the Math 2. Attack the Weak 3. ?????????? 4. Profit

44. 44 WHAT STOPS THIS? What is the security?

45. PROTECTION ON DISK Protection - Security by 0b$cur17y 45 Code Obfuscation Logic Obfuscation Unmanaged calls…to C/C++/ASM Shells / Packers / Encrypted(code) Try to SHUTDOWN Decompilation

46. 46

47. 47

48. 48 PROTECTION ON DISK 0bfu$ca7ed DEMO FAIL

49. 49

50. 50 UNPROTECTED / PROTECTED

51. 51 PROTECTION ON DISK Shells Pack/Encrypt the EXE

52. 52 IT CAN BE THAT EZ ‘’TT What is the security?

53. 53

54. 54 ATTACK VECTOR VISUAL STUDIO Exploit – Run arbitrary code First noted in 2004 Get developer Keys Attack the SVN & DB www.pretentiousname.com/misc/ win7_uac_whitelist2.html

55. 55 LOOK INSIDE

56. 56 DON’T LOOK

57. 57 SECURITY The Login security check is Does A == B Does MD5%5 == X Is the Pass the Crypto Key

58. 58 DATA LEAK The Data sent home is Application Info User / Registartion Info Security / System Info

59. 59 KEY The Crypto Key is A Hard Coded Key The Licence Number A MD5 Hash of the Pass 6Salt 6MD5 Hash of the Pass

60. 60 CRYPTO The Crypto is DES 64 Tripple DES 192 Rijndael AES 256 Home MIX (secure/unsecure)

61. 61 FIN

62. 62 MORE INFORMATION @: www.DigitalBodyGuard.com JonM@DigitalBodyGuard.com Jon McCoy

63. 63 HACK THE LOGIN DEMO PASS THE KEY SHOW THE KEY

64. 64 HACK THE KEY DEMO APPSEC-USA 2011 999ca10a050f4bdb31f7e1f39d9a0dda

65. 65 Encrypted Data Static Crypto Key Vector init = 0 Clear TXT Password Storage

Editor's Notes

This presentation will cover how to own closed source .NET applications. I will cover the tools I will be releasing. and show how incredibly vulnerable .NET applications are
This is our target values and functionality This is the heart of the program To Dig down into another application and make it to the correct Object And that as well as know what the target is, is the hard part Once found and accessed changing the value of a target is easy in comparison
This is our target values and functionality This is the heart of the program To Dig down into another application and make it to the correct Object And that as well as know what the target is, is the hard part Once found and accessed changing the value of a target is easy in comparison

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

Recommended

Recommended

More Related Content

Similar to Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

Similar to Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3) (20)

Recently uploaded

Recently uploaded (20)

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

Editor's Notes