Full Stack Web Attack (C# .NET Edition) - Syllabus
Please note: This syllabus is subject to change at the discretion of the instructor.
Day 1
Introduction
- C# Language Fundamentals
- Debugging C# Applications
Architecture and Framework Overview
- Internet Information Services
- Application Pools
- ASP.NET
Debugging
- Disabling CLR optimizations
- Debugging with DNSpy
- Program Database Symbols
- Debugging with Visual Studio/dotPeek
Developing C# Applications in Visual Studio
- Reusing application code
- Compiling Release and Debug builds
- Navigating code
- Common project options
Day 2
C# .NET Deserialization Primer
- Unmarshalling VS Deserialization
- Understanding Ysoserial.net
- System.Runtime.Serialization.iFormatter Exploitation
- JavascriptSerializer
- Json.Net
- Json.Net Custom TypeConverters
- ISerializationBinder
Analysis of CVE-2023-XXXXX Remote Code Execution
- Discovering the Vulnerability
- Exploitation
Analysis of CVE-2023-XXXXX Elevation of Privilege
- Discovering the Vulnerability
- Exploitation
Analysis of CVE-2023-XXXXX File Disclosure
- Discovering the Vulnerability
Analysis of CVE-2023-XXXXX External Entity Injection
- Discovering the Vulnerability