Advanced .NET Exploitation (August Edition)

Thursday, 1 August 2024 11:00 AM - 6:00 PM BST

London, London, England, London, United Kingdom

Register Now

Registration

Advanced .NET Exploitation (32 hours divided in 4 Days of Training) Partial Approval - £3,000.00

Sale ends on 01/08/2024

Prices are in GBP and VAT Will be included in checkout

Enter your discount code

  • Subtotal (excluding fees and discounts)
  • Fee
  • Total amount

1. Select Seats

2. Review and Proceed

Thursday, 1 August 2024 11:00 AM - 6:00 PM BST

London, London, London, England, London, United Kingdom.

Advanced .NET Exploitation Training

training course on teaching you how to exploit advanced .NET enterprise targets, bypass mitigations, chain bugs and pop shellz.

 

What is the training about?

 

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

 

 

Course Outline 

Day 1: Foundation of .NET Exploitation

  • .NET Basic Reverse Engineering and Debugging
  • Defeating Obfuscations
  • Easily Debugging Annoying .NET Targets
  • Mapping the attack surface of different .NET environments
  • Attacking .NET Remote communication stacks part 1
  • Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
  • Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)

Day 2: Advanced .NET Exploitation Techniques

  • Attacking .NET Remote communication stacks part 2
  • Attacking .NET Remote communication stacks part 3
  • Exploiting 2 RCE Chains (Real world softwares)

Day 3: Deep Dive into Deserialization Exploitation

  • Deep Dive into .NET Deserialization Exploitation from basics to advanced
  • Exploiting 4 RCE Chains (Real world softwares)
  • IIS Exploitation Tricks
  • Covert Red Teaming Techniques in .NET Environments

Day 4: Exploitation Challenges and Edge Case Bypasses

  • Bypassing Deserialization Protections
  • Finding Target Specific Gadget Chains
  • Exploiting 2 LPE Chains (Real world softwares)
  • Exploiting 4 RCE Chains (Real world softwares)
  • Bypassing Mitigations part 1
  • Bypassing Mitigations part 2
  • Covert Red Teaming Techniques when exploiting .NET

 

Who is the instructor?

 

Meet Sina Kheirkhah, widely recognized as @SinSinology in the cybersecurity community. Sina is a dedicated full-time vulnerability researcher with a passion for breaking into various systems. From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina's expertise covers a wide spectrum. He specialize in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly. Notably, Sina has competed in Pwn2Own for three consecutive years, demonstrating his dedication to the field.

 

Training Format

 

This is an in-person 4 day training from Thursday August 1st until Sunday August 4th taking place from 11 AM to 6PM (8 hours each day), the time zone is United Kingdom Time UTC+01:00

The location of the venue is based in UK London and the exact location will be sent to the students 

 

What do I need to bring for the class?

 

  • Basic familiarity with a scripting language like Python, Bash, etc.
  • Medium familiary with any language that is .NET based, (C#, F#, etc)
  • and most importantly A good attitude towards learning
  • A decent internet connection (hotspot, etc)
  • A x64 windows host operating system
  • 16GB of ram or more
  • VMWare as your virtualization software or virtualbox or fusion
  • 150GB free disk space
  • Furthermore, prior to enrolling in this course, students are encouraged to undertake a self-assessment challenge to ascertain if the course aligns with their objectives and proficiency level.

 

Refund Policy

 

the minimum number of students needed for the training is 5 people, if this number isn't reached, students will receive a full refund.

If you want to cancel your registration, For good reason we can cancel/refund it minus Credit card processing fee. Some people register and do not show up to the class and expect to be refunded, in that case it cost us money and prevent someone else to attend. without good reason this scneario is non-refundable

 

I have a question which hasn't been answered, who should I contact?

 

Please contact us at summoningteampwn@gmail.com

 

 

Cancellation policy

the minimum number of students needed for the training is 5 people, if this number isn't reached, students will receive a full refund.

If you want to cancel your registration, For good reason we can cancel/refund it minus Credit card processing fee up to 35 days before the event. NO REFUND if cancelled after that, Some people register and do not show up to the class and expect to be refunded, in that case it cost us money and prevent someone else to attend. without good reason this scenario is non-refundable

Sina kheirkhah

Meet Sina Kheirkhah, widely recognized as @SinSinology in the cybersecurity community. Sina is a dedicated full-time vulnerability researcher with a passion for breaking into various systems. From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina's expertise covers a wide spectrum. They specialize in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly. Notably, Sina has competed in Pwn2Own for three consecutive years, demonstrating his dedication to the field.

Contact the Organizer