Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pen Testing with Iron Andrew Wilson Trustwave SpiderLabs.

Published byGodfrey Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "Pen Testing with Iron Andrew Wilson Trustwave SpiderLabs."— Presentation transcript:

1 Pen Testing with Iron Andrew Wilson Trustwave SpiderLabs

2 Ubiquitous Hello Application Security Consultant Ex-Software Developer– Microsoft MVP Long walks on the beach Dancing in the rain

3 Goals Why Bother? Introduction to the DLR & CLR Getting Running Examples: Reflection and Disassembly Leveraging Existing Tools Driving Applications with Scripts

4 Why Bother? Best of Both Worlds Deeper Reach Simplification

5 Python & Ruby: Make Developers Security Testers Happy! Awesome at Scripting & Interactive Development (read: rapid prototyping) Incapable (normally) of interaction with.NET 

6 .NET Framework Is: Awesome in library, connectivity, and tooling Commonly used by companies you test Sucky at scripting and interactive programming

7 CLR <3 Focuses concerns against business problems Handles: Memory Management Metadata JIT Common Type System

8 DLR <3

9 Expression Trees Translate code from one language to MSIL Introduced in.Net 3.5 via Linq

10 DLR+CLR Peace Love & Harmony Bi-Directional support: DLR – CLR (Ex. Python – CLR) CLR – DLR (Ex. CLR – Embedded Python)

11 IronPython Significantly more mature (circa 2006) Better support for existing Python applications Loads apps by being manually added to lib

12 IronRuby Needs your support Just obtained Visual Studio Support Loads assemblies via igem (instead of gem) install

13 Getting Started You will need: IronRuby OR IronPython Language tools are optional Visual Studio Express OR MonoDevelop Reflector

14 Use Cases: Disassembly / Reflection Existing Tooling Driving Applications via Scripts

15 No Disassemble!

16 Reflection::noitcelfeR.NET has reflection– but it sucks Ruby has reflection– and it rules Always Cheat, Always win.

17 Use Existing Tools

18 Some things aren‘t 100% supported Workarounds are in progress & inevitable Gains are still decent & getting better

19 THE POWER OF GRAYSKULL!!

20 When Not To Use: When You Can’t Testing Web Applications You Can Debug Natively When Native Tools Are Better

21 Closing Thoughts No Free Lunches Offers Unique Opportunities Projects In Transition

22 QA

Download ppt "Pen Testing with Iron Andrew Wilson Trustwave SpiderLabs."

Similar presentations

What is.Net Gary Devendorf. .Net Framework.Net framework works like the Domino Objects only much lower level and very complete It is part of the OS (or.

What is.Net Gary Devendorf. .Net Framework.Net framework works like the Domino Objects only much lower level and very complete It is part of the OS (or.
Unit 1: Overview of the Microsoft.NET Platform

Unit 1: Overview of the Microsoft.NET Platform
By Sam Nasr September 28, 2004 Understanding MSIL.

By Sam Nasr September 28, 2004 Understanding MSIL.
Introduction to .NET Framework

Introduction to .NET Framework
Tahir Nawaz Introduction to.NET Framework. .NET – What Is It? Software platform Language neutral In other words:.NET is not a language (Runtime and a.

Tahir Nawaz Introduction to.NET Framework. .NET – What Is It? Software platform Language neutral In other words:.NET is not a language (Runtime and a.
Using.NET Platform Note: Most of the material of these slides have been taken & extended from Nakov’s excellent overview for.NET framework, MSDN and wikipedia.

Using.NET Platform Note: Most of the material of these slides have been taken & extended from Nakov’s excellent overview for.NET framework, MSDN and wikipedia.
Silverlight 2 CoreCLR Bringing the power of.NET to the net Andrew Pardoe, Common Language Runtime.

Silverlight 2 CoreCLR Bringing the power of.NET to the net Andrew Pardoe, Common Language Runtime.
WPF vs Silverlight Stuart Haas. WPF  Windows Presentation Foundation  Included in Vista, Server 2008 and XP service pack 2  Deployed in desktop and.

WPF vs Silverlight Stuart Haas. WPF  Windows Presentation Foundation  Included in Vista, Server 2008 and XP service pack 2  Deployed in desktop and.
Introduction to.NET Technology Marcello Benati Software Engineer.NET Architect.

Introduction to.NET Technology Marcello Benati Software Engineer.NET Architect.
ISYS 512 Business Application Design and Development with.Net David Chao.

ISYS 512 Business Application Design and Development with.Net David Chao.
Overview of the.NET Framework. What is the.NET Framework A new computing platform designed to simplify application development A consistent object-oriented.

Overview of the.NET Framework. What is the.NET Framework A new computing platform designed to simplify application development A consistent object-oriented.
ISYS 512 Business Application Design and Development with.Net David Chao.

ISYS 512 Business Application Design and Development with.Net David Chao.
IronPython IronRuby

IronPython IronRuby
Business Intelligence components Introduction. Microsoft® SQL Server™ 2005 is a complete business intelligence (BI) platform that provides the features,

Business Intelligence components Introduction. Microsoft® SQL Server™ 2005 is a complete business intelligence (BI) platform that provides the features,
Introduction to VB.Net ITE-370. What is.NET? A brand of Microsoft technologies A platform for creating distributed Web applications A combination of new.

Introduction to VB.Net ITE-370. What is.NET? A brand of Microsoft technologies A platform for creating distributed Web applications A combination of new.
Developer Day Was ist neu in.NET 4.5? Ken Casada Technical Evangelist, Microsoft Switzerland

Developer Day Was ist neu in.NET 4.5? Ken Casada Technical Evangelist, Microsoft Switzerland
Rajeswari Indupuri Introduction to.NET Framework.

Rajeswari Indupuri Introduction to.NET Framework.
Microsoft Visual Basic 2012 CHAPTER ONE Introduction to Visual Basic 2012 Programming.

Microsoft Visual Basic 2012 CHAPTER ONE Introduction to Visual Basic 2012 Programming.
Microsoft Visual Basic 2005 CHAPTER 1 Introduction to Visual Basic 2005 Programming.

Microsoft Visual Basic 2005 CHAPTER 1 Introduction to Visual Basic 2005 Programming.
A Free sample background from www.powerpointbackgrounds.com © 2001 By Default!Slide 1.NET Overview BY: Pinkesh Desai.

A Free sample background from © 2001 By Default!Slide 1.NET Overview BY: Pinkesh Desai.

Similar presentations

Ads by Google