Hacking .Net Applications At Runtime: A Dynamic Attack presented at OWASP Appsec 2010

by Jon Mccoy,

Tags: Application Security

URL : http://www.owasp.org/index.php/Hacking_.NET_Applications_at_Runtime:_A_Dynamic_Attack

Summary : Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small and large scale businesses. Securing these applications is becoming increasingly important as they hold critical security features and intellectual property.

This presentation will cover techniques designed to penetrate and subvert protected .NET Applications at Runtime. Such techniques will access running .NET programs to takeover the Live Object Structure and allow it to be directly traversed, modified, and subverted. This in turn makes the core logic malleable. I will demonstrate infecting software and implement changes to facilitate reverse engineering, software analysis, malware research, third-party patches, and much more.

This vector of attack is for the most part completely unstoppable on owned systems. Compiled program protections such as Wrappers, Encryption Shells, Obfuscation, Anti-Debugging... all do nothing to stop this type of attack, they can only slow it.

These techniques are carried out using core features in the .NET Framework, so no crazy ASM magic or obscure soon to be fixed API is used. If you are a .NET programmer and did not think you would make hacks under a managed world, this is your chance to brake-out and learn how to produce hard core attacks