Full Stack Web Attack (C# .NET Edition) - Syllabus


Please note: This syllabus is subject to change at the discretion of the instructor.

Day 1

Introduction

  • C# Language Fundamentals
  • Debugging C# Applications

Architecture and Framework Overview

  • Internet Information Services
  • Application Pools
  • ASP.NET

Debugging

  • Disabling CLR optimizations
  • Debugging with dnSpy
  • Program Database Symbols
  • Debugging with Visual Studio/dotPeek

Developing C# Applications in Visual Studio

  • Reusing application code
  • Compiling Release and Debug builds
  • Navigating code
  • Common project options

Day 2

C# .NET Deserialization Primer

  • Unmarshalling vs. Deserialization
  • Understanding ysoserial.net
  • System.Runtime.Serialization.IFormatter Exploitation
  • JavaScriptSerializer
  • Json.NET
  • Json.NET Custom TypeConverters
  • ISerializationBinder

Analysis of CVE-2023-XXXXX Remote Code Execution

  • Discovering the Vulnerability
  • Exploitation

Analysis of CVE-2023-XXXXX Elevation of Privilege

  • Discovering the Vulnerability
  • Exploitation

Analysis of CVE-2023-XXXXX File Disclosure

  • Discovering the Vulnerability

Analysis of CVE-2023-XXXXX External Entity Injection

  • Discovering the Vulnerability