Summoning Team Logo
Summoning Team

Advanced .NET Exploitation Training

4 day training course on teaching you how to exploit advanced .NET enterprise targets, bypass mitigations, chain bugs and pop shellz.

TailBliss Hero
P1

What is the training about?

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

Day 1: Foundation of .NET Exploitation
  • .NET Basic Reverse Engineering and Debugging
  • Defeating Obfuscations
  • Easily Debugging Annoying .NET Targets
  • Mapping the attack surface of different .NET environments
  • Attacking .NET Remote communication stacks part 1
  • Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
  • Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)
Day 2: Advanced .NET Exploitation Techniques
  • Attacking .NET Remote communication stacks part 2
  • Attacking .NET Remote communication stacks part 3
  • Exploiting 2 RCE Chains (Real world softwares)
Day 3: Deep Dive into Deserialization Exploitation
  • .NET Deserialization basic to advanced, covering 8 .NET deserializers
  • Exploiting 4 RCE Chains which include deserialization issues (Real world softwares)
  • Bypassing Deserialization Protections
  • Covert Red Teaming Techniques in .NET Environments
Day 4: Exploitation Challenges and Edge Case Bypasses
  • Finding Target Specific Gadget Chains
  • Exploiting 2 LPE Chains (Real world softwares)
  • Exploiting 4 RCE Chains (Real world softwares)
  • Bypassing Mitigations part 1
  • Bypassing Mitigations part 2
  • IIS Exploitation Tricks

Who is the instructor?

My mate recently told me: "Listen, you've put 4 years of your free time to make this course and been teaching this as a training and workshop lot of times to make it better and better, if now you want to advertise it publicly, you have to introduce your self good, cause if you can't make people believe you know your craft, how are they gonna trust you with teaching them THE craft?"
So here we go, My name is Sina Kheirkhah known as @SinSinology, I'm a full time vulnerability researcher who loves poping shellz on all kinds of stuff, I'm talking server side enterprise solutions, hardware targets, reverse engineering, low level exploitation, attacking .NET/Java stacks, bypassing mitigations, chaining bugs and all of that good stuff, to highlight some of my work, I've been a Pwn2Own contestant for 3 years in a row that is 202{2,3,4}, this is one of the videos at the Pwn2Own competition in Tokyo Japan and should prove to you that I look cool and do cool things cause of the soundtrack and the beautiful camera work of course not just because years of studying vulnerabilities. if this video and my public Advisories/Exploits/Blog didn't convince you, I'm not up to your standard.

P1

Why should I take this training?

almost 80% of all the content taught in exploitation trainings are just public information, does that mean it does't worth it? well, if you are a full time security engineer or a vulnerability researcher who is busy with your own work then of course it does worth it, you obviously can go learn all the topics covered in the training by yourself, hell, just look at the syllabus posted, search each entry one by one, and whatever result shows up, keep reading those blog posts, watch those talks, test those tools, setup and install those vulnerable environments, troubleshoot your exploits, figure out why the exploit doesn't work anymore, figure the mitigation bypasses and learn how to be more covert. yeah!, that's gonna take a while, but its doable, i mean, that's how I learned all about this, now for those who value their time and can afford this training, you can get past of all that useless struggle and instead actually deal with the puzzle solving, exploit writing, bug chaining struggle in the class and let me teach you everything I know about popping shellz in Advanced .NET Enterprise targets. now instead of spending 8 months of your time, you will be up to dated with the latest tools, techniques, tactics, and procedures in just 4 days (Note for the Inspector: I'm no god rather a full time vulnerability researcher who is also good at teaching, if you don't put in the time I can't do magic, so no, this course doesn't give you wings, it gives you the knowledge to build your own wings, and that's the best thing you can get from a training)

Where and When is the training?

you can see the current upcoming classes/workshops, I recommend you to sign up for the Thursday 1st of August training, this is a complete 4 day training, 20% theory and 80% practical exploitation.

P1

Register for the Advanced .NET Exploitation Training

Sign up for 32 hours of Intensive .NET Exploitation Training, 20% theory and 80% practical

Latest blog posts

Some of our latest blog posts, you can find more in our blog.

../assets/images/featured/whatsup-wcf-01.jpg
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive

I discovered an unauthenticated path traversal against the latest version of progress whatsup gold and turned it into a pre-auth RCE, following is how I did it, this is the story of CVE-2024-4885

../assets/images/featured/whatsup-wcf-02.jpg
WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive

Using a path traversal vulnerability to achieve remote code execution, this is the story of CVE-2024-4883 a pre-auth RCE against progress whatsup gold

../assets/images/featured/whatsup-CVE-2024-5009.jpg
WhatsUp Gold SetAdminPassword Privilege Escalation

Lets analyze a privilege escalation which I found targeting progress whatsup gold, this is the story of CVE-2024-5009