Re-using your targets’ code against them

A story of how I found RCE in two different “fat client”-server applications (one .NET and one Java). As they used non-HTTP binary protocols to communicate, I re-used parts of the existing application code to quickly implement a custom client that could exploit the vulnerabilities. This talk will both show how to find bugs in applications by decompiling Java and .NET code as well as how to re-use that decompiled code to attack the application.

This was presented at Security Fest 2018.

Speakers: Olle Segerdahl
 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.