Upload File

attacking.net application at runtime an object level attack jon mccoy digitalbodyguard.com

  • Home
  • Documents
  • Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com
26
Attacking .NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Upload: cora-mccormick

Post on 31-Dec-2015

212 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Attacking .NET Application at Runtime

An Object Level Attack

Jon McCoyDigitalbodyGuard.com

Page 2: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

This presentation will cover.

•How to evaluate Closed-Source .NET applications

•Tools to gain access to running apps

•Show how incredibly vulnerable .NET applications are

•Soft Spots on Programs to Attack

Page 3: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Tools overview

•Tools to do reconnaissance, on the structure of .NET programs

•Payloads to deploy inside of target apps

•Beta - Decompilation Tool targeted at .NET Applications protected by wrappers/shells

Page 4: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

What is the attack?

Gain access to a target application Access the Object structure

Target/Evaluate GUI/Logic/State

•Subvert core logic

•Instantiate new Features/State

Page 5: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

What is a .NET Process

Gain access to a target application

Access the Object structure

Find the GUI/Logic/State

•Subvert core logic

•Instantiate new Features/State

Page 6: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Another Idea of Runtime in .NET

Page 7: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

What is the attack?

1. Accessing Running .NET Program

2. Run Payload

2. Access targets Object structure

3. Modify values and/or Objects

Page 8: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

A Runtime Application

Page 9: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Demo Connecting

Demo Connection To Running .NET app

Page 10: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Connect to the target application

•Inject Code

•Infect the target's code

• Infect the Framework

And Exploit

Page 11: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Demo: Connection

Injection

&

Exploit

Page 12: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

What is going on

Page 13: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

End to END

Page 14: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Demo: Visual Studio

Attacking from one line of

code

Page 15: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Moving in a Live Applocation

Page 16: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

More about Moving

Page 17: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Demo: Power Shell

Attacking from the Keyboard

Page 18: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

A Hacked Runtime Application

Page 19: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Demo: Other Ways In

TBD

Page 20: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Why is this better

Page 21: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Thanks To The

Related Works of

James Devlinwww.codingthewheel.com

Sorin Serbanwww.sorin.serbans.net/blog

Erez Metula www.appsec.co.il

Page 22: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

More information at:

FIN < NULL

http://www.DigitalbodyGuard.com

Page 23: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

More information at:

FIN > NULL

http://www.DigitalbodyGuard.com

Page 24: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

More information at:

FIN < NULL

http://www.DigitalbodyGuard.com

Page 25: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

Some stuff to check out

Erez Metula  

BOOK: Managed Code Rootkitshttp://www.amazon.com/Managed-Code-Rootkits-Hooking-Environments/dp/

1597495743/ref=sr_1_1?ie=UTF8&s=books&qid=1275638178&sr=1-1

 

at his website:

http://www.appsec.co.il/ 

Page 26: Attacking.NET Application at Runtime An Object Level Attack Jon McCoy DigitalbodyGuard.com

License

This Presentation and tool are licensed under

Creative Commons

Attribution-NonCommercial-ShareAlike 3.0


Stephanie McCoy Combustion

McCoy Tyner

PROVIDENCE CRISTO REY HIGH SCHOOL ANNUAL REPORT 2014 …€¦ · Annette (Mickey) Lentz Archdiocese of Indianapolis Jon Loftin MJ Insurance Mary McCoy Archdiocese of Indianapolis

Communicating the Desert LCC Vicki J. McCoy McCoy Communications & Training Atlanta, Georgia

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:The Black Arts (v3)

McCoy Thesis

Gavin & Ingrid McCoy Present ProductPower! Informatio n Copyright Gavin & Ingrid McCoy @ 2011 - All rights reserved Gavin & Ingrid McCoy OxfordMarketingAcademy

McCoy Tyner - McCoy Tyner Plays Standards (Jap)

McCoy Matt__703__scanned

McCoy Portfolio 2014

McCoy Tyner Transcriptions

McCoy House - jrvvisitors.com

RICHARD McCOY

Brian McCoy Portfolio

CORD McCOY Article

VADM McCoy

McCoy 1 Lauren McCoy ISL: Results of Pre and Post ...users.manchester.edu/Student/lkmccoy/ProfWeb/E7 artifact reflection... · McCoy 1 Lauren McCoy Heather Schilling/Stacey Stetzel

Kathy McCoy

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design

A McCoy Moment-------- --

VADM McCoy 1

NOW YOU KNOW The Real McCoy Elijah McCoy

Hacking NET Applications: The Black Arts - OWASP · PDF fileAppSec-DC 2012 Hacking. NET Applications: The Black Arts Jon McCoy

Katherine McCoy

The Black Arts(v2) McCoy - Hacking dotN… · NET Applications: The Black Arts(v2) SecTor 2012 . Jon McCoy Hacking. NET Applications: ... Title: PowerPoint Presentation Author: rapply

Descendant Chart - Chernofffamily.chernoff.com/McCoy/McCoy Descendant Chart.pdf · Mccoy b: 07 Jun 1952 in Wichita, Sed Wick Kansas. IJSAg Lyle Eldon McCoy b: 25 1920 in Wichita,

B. McCoy EPK

Notes on the McCoy family - WVancestrywvancestry.com/ReferenceMaterial/...McCoy_Family.pdf · NOTES ON THE McCOY FAMILY . By. William H. McCoy . The family was founded by James McCoy,

Kentucky Morrison McCoy

McCoy Filing

Authentic LeSean McCoy Bills Jersey, Women NFL LeSean McCoy

Joey Mccoy

Mccoy sean mobile_presentation

Thomas McCoy

Patrick McCoy Resume