Topher Timzen&Ryan Allen - Hijacking Arbitrary .NET Application Control Flow - 101 Track - a podcast by DEF CON

Materials Available Here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-UPDATED.pdf

Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf

Additional Materials: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Topher-Timzen-Acquiring-NET-Objects-From-The-Managed-Heap.pdf

Hijacking Arbitrary .NET Application Control Flow

Topher Timzen Security Researcher - Intel

White paper available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Topher Timzen & Ryan Allen - UPDATED/DEFCON-23-Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-Application-Control-Flow-WP.pdf

This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks.

This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space.

Topher Timzen has had a research emphasis on reverse engineering malware, incident response and exploit development. He has instructed college courses in malware analysis and memory forensics while managing a cybersecurity research lab. Focusing on .NET memory hijacking, he has produced tools that allow for new post exploitation attack sequences. Topher is currently a Security Researcher at Intel.

Twitter: @TTimzen

Further episodes of DEF CON 23 [Audio] Speeches from the Hacker Convention

Further podcasts by DEF CON

Website of DEF CON