Advanced .NET Exploitation Training

Instructors:  Sina Kheirkhah
Dates:  June 23 to 26 2025
Capacity:   25 Seats

You can checkout https://summoning.team/ for a better presentation of this training

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

Course Topics

Day 1: Foundation of .NET Exploitation

• .NET Basic Reverse Engineering and Debugging
• Defeating Obfuscations
• Easily Debugging Annoying .NET Targets
• Mapping the attack surface of different .NET environments
• Attacking .NET Remote communication stacks part 1
• Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
• Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)

Day 2: Advanced .NET Exploitation Techniques

• Attacking .NET Remote communication stacks part 2
• Attacking .NET Remote communication stacks part 3
• Exploiting 2 RCE Chains (Real world softwares)

Day 3: Deep Dive into Deserialization Exploitation

• Deep Dive into .NET Deserialization Exploitation from basics to advanced
• Exploiting 4 RCE Chains (Real world softwares)
• IIS Exploitation Tricks
• Covert Red Teaming Techniques in .NET Environments

Day 4: Exploitation Challenges and Edge Case Bypasses

• Bypassing Deserialization Protections
• Finding Target Specific Gadget Chains
• Exploiting 2 LPE Chains (Real world softwares)
• Exploiting 4 RCE Chains (Real world softwares)
• Bypassing Mitigations part 1
• Bypassing Mitigations part 2

Prerequisites

A good attitude towards learning and basic knowledge of reverse engineering, although the course is about reverse engineering managed code, having prior reversing experience (x86, etc) has a big advantage

HARDWARE/SOFTWARE REQUIREMENTS

• Basic familiarity with a scripting language like Python, Bash, etc.
• Medium familiary with any language that is .NET based, (C#, F#, etc)
• do not use a ARM based machine for this workshop
• basic knowledge of "any" reverse engineering is required (x86, etc)
• and most importantly A good attitude towards learning
• A decent internet connection (hotspot, etc)
• A x64 windows host operating system
• 16GB of ram or more
• VMWare as your virtualization software or virtualbox or fusion
• 150GB free disk space
• Furthermore, prior to enrolling in this course, students are encouraged to undertake a self-assessment challenge to ascertain if the course aligns with their objectives and proficiency level.

Bio

Meet Sina Kheirkhah, widely recognized as @SinSinology in the cybersecurity community. Sina is a dedicated full-time vulnerability researcher with a passion for breaking into various systems. From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina's expertise covers a wide spectrum. He specializes in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly. Notably, Sina has competed in Pwn2Own for four consecutive years and has won the "Master of Pwn" title as a solo researcher in pwn2own 2025, demonstrating his dedication to the field.

To Register

Click here to register.