[Owasp-o2-platform] DotNetasploit and GrayWolf

Dinis Cruz dinis at ddplus.net
Wed Aug 31 07:09:00 EDT 2011


It depends on how the app is built, but if you want to have complete control
over an ASP.NET app, namely where to insert your hooks, I would use
PostSharp <http://www.sharpcrafters.com/> (for bytecode instrumentation and
function patching).

Another option is to run a .NET app under the debugger, which will again
give you hot patching capabilities.

In fact I once did a PoC where I used these two techniques to create a PoC
for a SharePoint where I was able to patch a number of vulnerabilities in a
MOSS website (the key factor was that I was able to be granular in my fixes
and prevent bad GUI user interactions (i.e. redirect to global error pages)).

Dinis

On Tue, Aug 30, 2011 at 2:45 PM, Colin Watson <colin.watson at owasp.org> wrote:

> Dinis
>
> That's interesting.  Is there a way to inject AppSensor-like attack
> detection points and responses into an application at run-time using
> O2?
>
> Colin
>
>
> On 29 August 2011 10:45, dinis cruz <dinis.cruz at owasp.org> wrote:
> > Have you seen Jon McCoy's research on .NET?
> > He presented 'Hacking .Net Applications at Runtime: A Dynamic Attack' at
> > BlackHat (video here http://www.digitalbodyguard.com/Vids.html) and the
> > tools can be downloaded from http://www.digitalbodyguard.com/Programs.html
> > and http://www.digitalbodyguard.com/DotNetasploit.html
> > Any comments on this? (I was recommended to take a look by a friend)
> > I'm curious on the technology behind it (I wonder how similar it is to the
> > techniques I used to inject O2 into a .NET process)
> >
> > Dinis Cruz
> >
> > Blog: http://diniscruz.blogspot.com
> > Twitter: http://twitter.com/DinisCruz
> > Web: http://www.owasp.org/index.php/O2
> >
> > _______________________________________________
> > Owasp-o2-platform mailing list
> > Owasp-o2-platform at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
> >
> >
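An AppSensor-style detection point of the kind asked about in this thread, written as a PostSharp aspect. This is an added example, not code from the thread, from O2 or from PostSharp; `DetectionPointAttribute`, `CommentService`, the sample rule and the threshold are hypothetical, and it assumes the project references PostSharp and uses its `OnMethodBoundaryAspect` base class.

```csharp
using System;
using System.Collections.Concurrent;
using System.Diagnostics;
using System.Security;
using System.Text.RegularExpressions;
using System.Threading;
using PostSharp.Aspects; // assumption: the project references PostSharp

// Hypothetical detection point: PostSharp weaves OnEntry into every method
// that carries this attribute, so the application source stays unchanged.
[Serializable]
public sealed class DetectionPointAttribute : OnMethodBoundaryAspect
{
    // Constructed sample rule: script tags or path traversal in string arguments.
    private static readonly Regex Suspicious = new Regex(
        @"<\s*script|\.\.[\\/]", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Events per user, kept in memory for the lifetime of the process.
    private static readonly ConcurrentDictionary<string, int> Events =
        new ConcurrentDictionary<string, int>();

    public int Threshold { get; set; } // events tolerated before calls are refused

    public override void OnEntry(MethodExecutionArgs args)
    {
        // ASP.NET sets the thread principal per request; anonymous users share "".
        string user = Thread.CurrentPrincipal.Identity.Name;
        foreach (object argument in args.Arguments)
        {
            var text = argument as string;
            if (text == null || !Suspicious.IsMatch(text)) continue;

            int count = Events.AddOrUpdate(user, 1, (key, seen) => seen + 1);
            Trace.TraceWarning("Detection point {0}.{1}: user '{2}', event {3}",
                args.Method.DeclaringType.Name, args.Method.Name, user, count);
            break; // record one event per call
        }

        // Response: refuse the call; the exception reaches the site's own error handling.
        int total;
        if (Events.TryGetValue(user, out total) && total >= Threshold)
            throw new SecurityException("Request refused by detection point.");
    }
}

public class CommentService // hypothetical application class
{
    [DetectionPoint(Threshold = 3)]
    public void Post(string author, string body) { /* existing logic, untouched */ }
}
```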