CS407 Forensics III / Memory Forensics - 10-week course at Southern Oregon University, Spring 2015
Topics included: Windows Kernel structures, malware techniques, malware analysis, shellcode construction, and parsing several key elements out of memory for digital forensics and incident response utilizing Volatility.
Breaking .NET(C#) Applications: Hands-On Attack Scenario Class - NDC Oslo 2015
This class covered attack techniques against .NET applications with a focus on reverse engineering and memory hijacking. Hands-on scenarios were conducted, allowing students to modify applications at runtime and on disk. Students left with the building blocks for developing .NET attacks.
Presentations and Publications
CS 346 Computer Forensics - Memory Forensics 101 - Southern Oregon University April 27th and 28th, 2015.
Guest talk for an introduction to forensics class at SOU.
Hijacking Arbitrary .NET Application Control Flow - DEF CON 23 / BSidesPDX / SecTor
This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly-level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post-exploitation attacks.
This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space.
- Acquiring .NET Objects From the Managed Heap
- Hijacking Arbitrary .NET Application Control Flow
Reverse Engineering and Attacking .NET Applications - ToorCamp 2016
This talk will demonstrate reverse engineering and attacking .NET applications. I will start by discussing reverse engineering as it pertains to .NET and show how to get a glimpse into a binary's code base. Moving forward, I will show how to modify running applications with advanced .NET and assembly-level attacks using open source tools I developed. By discussing internal framework structures, you will leave understanding why and how these attacks work. You will also be able to implement defense and attack scenarios in test cases.
You will leave with an overview of how to use reverse engineering to discover weaknesses in .NET applications and how to leverage those as an attacker.