Penetration Testing mailing list archives
Betr.: Exploiting C# Issues
From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Fri, 04 Feb 2005 09:44:01 +0100
Hi Daniel, As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common Runtime Language. I am not aware of any big weaknesses in the CLR, but I would search for papers on the CLR instead of a specific .Net Language. Met vriendelijke groet, (Philip) Wagenaar Assistent ICT Projecten & Advies AccoN Accountants & Adviseurs ICT Projecten & Advies Postbus 5090 6802 EB Arnhem The Netherlands tel. +31 (0)26-3842384 fax. +31 (0)26-3630222 mobile: +31 (0)6-25388935 MSN/E-mail: p.wagenaar () accon nl http://www.accon.nl
"Daniel Grzelak" <daniel.grzelak () sift com au> 01-02-05 02:13 >>>
Hi, I am currently researching exploitation techniques specific to C#. The idea behind this being the future application of such research to penetration testing. Browsing the web I have been able to identify a number of resources on secure coding guidelines for .net and C# however I was unable to locate any information on the exploitation of issues specific to C#. Obviously the standard buffer overflow and related bugs are out of the question because all memory is handled automatically, however there *must* be problems that relate only to C# and/or .Net. So my query is this - could anyone point me to some resources or perhaps provide information on the exploitation and detection of C# specific problems? Thank you in advance. Regards, Daniel Grzelak Associate SIFT www.sift.com.au P: +61 2 9236 7276 F: +61 2 9236 7271 M: +61 410 566 549 E: daniel.grzelak () sift com au Suite 2, Level 7 22 Pitt St, Sydney NSW 2000 Australia "SIFT is a leading Australian pure-play information security consulting, intelligence and training firm. We specialise in the delivery of independent advice, reviews and recommendations to the senior management of large, highly-regulated organisations." ################################################################## Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. De informatie hierin is vertrouwelijk, zodat het derden niet is toegestaan om daarvan kennis te nemen of dit te verstrekken aan andere derden. Indien u dit e-mail bericht ontvangt terwijl het niet voor u bestemd is, verzoeken wij u contact op te nemen met de afzender en de informatie te verwijderen van iedere computer. Bij voorbaat dank. ================================================================== The information transmitted in this e-mail is intended only for the person or entity to which it is addressed and contains confidential information. Any review, retransmission or other use by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Thank you. ################################################################## ##################################################################################### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal #####################################################################################
Current thread:
- Betr.: Exploiting C# Issues Philip Wagenaar (Feb 04)
- Re: Betr.: Exploiting C# Issues Barrie Dempster (Feb 06)
- RE: Betr.: Exploiting C# Issues Aleksander P. Czarnowski (Feb 07)
- <Possible follow-ups>
- Re: Betr.: Exploiting C# Issues Philip Wagenaar (Feb 07)
- Re: Betr.: Exploiting C# Issues Barrie Dempster (Feb 07)