[Owasp-london] 'Rooting the CLR' London Presentation

Dinis Cruz dinis at ddplus.net
Mon Mar 20 18:22:13 EST 2006 

Hello

(For the ones around London) This Wednesday (in two days) I will be
doing my 'Rooting the CLR' presentation to the LondonDotNet group which
is one of the most active London .Net communities.

There are still some places left (the event takes place on Microsoft's
Soho offices), so if you are interested you can get more details here
http://iancooper.brinkster.net/FrontPage.aspx (basically send an email
to meetings at dnug.org.uk telling Ian (the organizer) that you want to
attend).

Here (also available in
http://iancooper.brinkster.net/Pages/UG_Meetings.aspx) are more details
about my presentation (1h) :
/
*Rooting the CLR by Dinis Cruz*
In this presentation Dinis Cruz will show how the .Net Framework can be
modified in real-time using Rootkit-like techniques. This is possible
due to the fundamental security design flaw within the .Net framework
where the entire Framework (i.e. all dlls) are loaded into the .Net
process. This creates a scenario where there is nothing stopping a
malicious Full Trust .Net assembly or unmanaged code executed in that
process to 'patch' the CLR itself.

Demos include:
     - CLR patch that allows calls to private methods to succeed
     - CLR patch that allows corrupted Strong Named assemblies to be
executed (i.e. ILDASM a signed .Net assembly, change it, ILASM it back
into .exe format, and execute it without any exception been thrown)
     - Load core .Net framework dlls that come from directories under my
control (for example c:\fusion.dll)
     - MSIL Patch on all Deny and Demand methods so that they always
return without any exception being thrown, which disables most CAS
protections in the running assembly (the only caveat with this demo is
that the 'MSIL patch' must be applied before those methods are JITED)
     - Extra demo: Unpathed ILDASM / ILASM buffer overflow

/There will also be another presentation on the night made by Francis
Norton on the topic* Using of XSLT to generate code from XML* (1 hr)

Hope to some of you there.

Important note: there is free pizza and we always end up in a local bar
for some drinks :)

Dinis Cruz
Owasp .Net Project
www.owasp.net


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-london/attachments/20060320/5161465f/attachment.html

More information about the Owasp-london mailing list