This document contains the notes from a presentation titled "Hacking .NET Applications: The Black Arts" given by Jon McCoy at AppSec USA 2014 in Denver, Colorado. The presentation covered attacking .NET applications by decompiling code, injecting code at runtime, exploiting weaknesses in validation checks, replaying registration codes, and cracking hardcoded crypto keys. It also discussed protections like obfuscation and discussed the risks of data leaks, weak crypto, and clear text password storage.