Hacking .NET Applications: The Black Arts; AppSec-DC 2012; Jon McCoy; www.DigitalBodyGuard.com
WHY .NET: .NET new and cross platform - Windows, OS-X, Linux, Android, IPhone, ARM; The attacks are not new nor only in .NET - C , Java, .; Faster development time; Similar layout to JAVA; I happen to be good at .NET
HACKER VS ATTACKER
NOT ASM LEVEL
WHY NOT ASM?
NOT IDA PRO
IL – Intermediate Language: Code of the Matrix; NEW ASM
DECOMPILE: C# - 13 LINES; LINES: C# - 15, IL - 34, ASM - 77
HOW MUCH CODE DO YOU NEED TO READ: C# - 15, IL - 34, ASM - 77
NOT IDA PRO
Attacking/Cracking: IN MEM; ON DISK
ATTACKING .NET: ATTACK THE CODE ON DISK
ATTACKING ON DISK
GRAYWOLF: ON DISK EDIT
ATTACK SECURITY: Microsoft Media Center
CRACK DEMO: GOD MODE; GSGE.CONFIGOPTIONS::.CCTOR() 439 LDC.I4.1
CRACK PASSWORD
CRACK PASSWORD: Return True;
ATTACKING .NET APPLICATIONS: AT RUNTIME
GRAYDRAGON: INJECTION
ATTACKING .NET: ATTACK WHILE THE APP IS RUNNING
ATTACK VECTOR (not new): ASM THE OLD IS NEW; Shell Code - ASM; .NET has pointers.; NO .NET Security.; THIS IS SCARY!!!! NEVER LET ME CALL UNMANAGED
ATTACK VECTOR: ASM THE OLD IS NEW
Run and Inject: SECURITY SYSTEMS
DEMO
101 - ATTACK ON DISK: Connect/Open - Access Code; Decompile - Get code/tech; Infect - Change the target's code; Exploit - Take advantage; Remold/Recompile - WIN
THE WEAK SPOTS: Flip The Check; Set Value is “True”; Cut The Logic; Return True; Access Value
SET VALUE TO “TRUE”: bool Registered = false; true; / FLIP THE CHECK: If(a != b) If(a == b)
RETURN TRUE: bool IsRegistered() { return true; }
CUT THE LOGIC: string sqlClean(string x) { return x; }
HACK THE LOGIN DEMO: PASS THE KEY; SHOW THE KEY
CRACK THE KEY: Public/Private - Change Key; 3/B Name*ID*7 - ASK what is /B?; Call Server - Hack the Call; Demo = True; - Set Value; Complex Math - Complex Math; 1% of the time the KeyGen is given
PUBLIC/PRIVATE KEY: If you can beat them, Why join them; Key “F5PA11JS32DA”; Key “123456ABCDE”
SERVER CALL: 1. 2. 3. 4.; “Send” SystemID 123456789; Fake the Call; Fake the Request; Fake the Reply; Reg Code f3V541; Win; *Registered True*
REG CODE REPLAY: Name: 5G9P3*CJON DOE; Code: 98qf3uy ! FAIL
REG CODE REPLAY: Name: Code: *C5G9P3
REG CODE REPLAY: Name: 5G9P3*CJON DOE; Code: 5G9P3 WIN
COMPLEX MATH: 1. Chop up the Math 2. Attack the Weak 3. ? 4. Profit
HACK THE KEY DEMO: APPSEC-USA 2011; 999ca10a050f4bdb31f7e1f39d9a0dda
Encrypted Data: Static Crypto Key; Vector init 0; Clear TXT Password Storage
WHAT STOPS THIS? What is the security?
PROTECTION ON DISK: Protection – Security; Signed code (1024 bit CRYPTO); Verify the creator; Strong Names; ACLs M stuff; Try to SHUTDOWN Tampering
PRIVATE KEY SIGNING: Signed code is based on Private Key - 1024 bit; Signed Hash of Code; Identify and Verify the Author
PROTECTION ON DISK: Protection - Security by 0b cur17y; Code Obfuscation; Logic Obfuscation; Unmanaged calls to C/C++/ASM; Shells / Packers / Encrypted(code); Try to SHUTDOWN Decompilation
CRACK - FAIL: DEMO; FAIL
PROTECTION ON DISK: 0bfu ca7ed; DEMO; FAIL
scationappliedCauses lowwillor ws theattackeris notBugs100% effective
UNPROTECTED / PROTECTED
THE BEST DEFENSE IS A GOOD SNIPER: If you know the enemy and know yourself, you need not fear the results of a hundred battles. - Sun Tzu
PROTECTION ON DISK: Shells; Pack/Encrypt the EXE
IT CAN’T BE THAT EZ: What is the security?
STRONG NAME HACKING
ATTACK VECTOR - PRIVATE KEY SIGNING: Signed code is based on Private Key - 1024 bit; Signed Hash of Code; SIGNED CODE CHECKING IS OFF BY DEFAULT
FAKE SIGNED DLL
FAKE SIGNED DLL: Turn Key Checking ON; [HKEY LOCAL ongNameBypass" dword:00000000
FAKE SIGNED DLL: ERROR
FAKE SIGNED DLL
ATTACK VECTOR - VISUAL STUDIO: Exploit – Run arbitrary code; First noted in 2004; Demo; PowerShell - Matrix; Get developer Keys; Attack the SVN & DB; www.pretentiousname.com/misc/win7 uac whitelist2.html
YOU’RE NOT A HACKER, WHY SHOULD YOU CARE? Defend your Applications; Defend your Systems; Verify your Tools\Programs
LOOK INSIDE
DON’T LOOK
SECURITY: The Login security check is: Does A B; Does MD5%5 X; Is the Pass the Crypto Key
DATA LEAK: The Data sent home is: Application Info; User / Registration Info; Security / System Info
KEY: The Crypto Key is: A Hard Coded Key; The Licence Number; A MD5 Hash of the Pass; 6Salt 6MD5 Hash of the Pass
CRYPTO: The Crypto is: DES 64; Triple DES 192; Rijndael AES 256; Home MIX (secure/unsecure)
FIN
MORE INFORMATION comFIN 1