Advanced .NET Exploitation

Instructor:  Sina Kheirkhah
Dates:  June 15 to 18 2026
Location:  Delta Hotel President Kennedy
Capacity:  25

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

You can checkout https://summoning.team/ for a better presentation of this training.

Schedule

• Day 1: Foundation of .NET Exploitation
  • .NET Basic Reverse Engineering and Debugging
  • Defeating Obfuscations Easily
  • Debugging Annoying .NET Targets
  • Mapping the attack surface of different .NET environments
  • Attacking .NET Remote communication stacks part 1
  • Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
  • Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)
• Day 2: Advanced .NET Exploitation Techniques
  • Attacking .NET Remote communication stacks part 2
  • Attacking .NET Remote communication stacks part 3
  • Exploiting 2 RCE Chains (Real world softwares)
• Day 3: Deep Dive into Deserialization Exploitation
  • .NET Deserialization basic to advanced, covering 8 .NET deserializers
  • Exploiting 4 RCE Chains which include deserialization issues (Real world softwares)
  • Bypassing Deserialization Protections
  • Covert Red Teaming Techniques in .NET Environments
• Day 4: Exploitation Challenges and Edge Case Bypasses
  • Finding Target Specific Gadget Chains
  • Exploiting 2 LPE Chains (Real world softwares)
  • Exploiting 4 RCE Chains (Real world softwares)
  • Bypassing Mitigations part 1
  • Bypassing Mitigations part 2

Prerequisites

A good attitude towards learning and basic knowledge of reverse engineering, although the course is about reverse engineering managed code, having prior reversing experience (x86, etc) has a big advantage

Hardware/Software Requirements

• 300GB free disk space
• 16GB of ram or more
• A x64 windows host operating system (no linux, no mac)
• Do not use a ARM based machine for this workshop
• VMWare Workstation Pro (make sure its the Latest Version)
• Basic familiarity with a scripting language like Python, Bash, etc.
• Medium familiary with any language that is .NET based, (C#, F#, etc)
• Basic knowledge of "any" reverse engineering is required (x86, etc)
• A decent internet connection (hotspot, etc)

BIO

Sina Kheirkhah (@SinSinology) is a dedicated full-time vulnerability researcher with a passion for breaking into various systems. From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina's expertise covers a wide spectrum. He specializes in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly. Notably, Sina has competed in Pwn2Own for four consecutive years and has won the "Master of Pwn" title as a solo researcher in pwn2own 2025, demonstrating his dedication to the field.

To Register

Click here to register.