Summoning Team Logo
Summoning Team

Advanced .NET Exploitation Training

4 day training course on teaching you how to exploit advanced .NET enterprise targets, bypass mitigations, chain bugs and pop shellz.

TailBliss Hero
P1

What is the training about?

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

Day 1: Foundation of .NET Exploitation
  • .NET Basic Reverse Engineering and Debugging
  • Defeating Obfuscations
  • Easily Debugging Annoying .NET Targets
  • Mapping the attack surface of different .NET environments
  • Attacking .NET Remote communication stacks part 1
  • Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
  • Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)
Day 2: Advanced .NET Exploitation Techniques
  • Attacking .NET Remote communication stacks part 2
  • Attacking .NET Remote communication stacks part 3
  • Exploiting 2 RCE Chains (Real world softwares)
Day 3: Deep Dive into Deserialization Exploitation
  • .NET Deserialization basic to advanced, covering 8 .NET deserializers
  • Exploiting 4 RCE Chains which include deserialization issues (Real world softwares)
  • Bypassing Deserialization Protections
  • Covert Red Teaming Techniques in .NET Environments
Day 4: Exploitation Challenges and Edge Case Bypasses
  • Finding Target Specific Gadget Chains
  • Exploiting 2 LPE Chains (Real world softwares)
  • Exploiting 4 RCE Chains (Real world softwares)
  • Bypassing Mitigations part 1
  • Bypassing Mitigations part 2
  • IIS Exploitation Tricks

Who is the instructor?

My mate recently told me: "Listen, you've put 4 years of your free time to make this course and been teaching this as a training and workshop lot of times to make it better and better, if now you want to advertise it publicly, you have to introduce your self good, cause if you can't make people believe you know your craft, how are they gonna trust you with teaching them THE craft?"
So here we go, My name is Sina Kheirkhah also known as @SinSinology, I'm a full-time vulnerability researcher with a passion for popping shells across all kinds of targets—server-side enterprise solutions, hardware devices and I also do reverse engineering, low-level exploitation, attacking .NET/Java stacks, bypassing mitigations, chaining bugs, and all the good stuff. To highlight some of my work, I've been a Pwn2Own contestant for four consecutive years 20{22,23,24,24.5,25} and proudly claimed the "Master of Pwn" title at the 2025 Pwn2Own competition in Tokyo, Japan. Here’s a video from the competition as a proof that not only I look cool but also do cool things (thanks to the cool soundtrack and awesome camera work, not just years of obsessing over vulnerabilities :D). if this video and my public Advisories/Exploits/Blog didn't convince you, I'm not up to your standard (^_^).

P1

Why should I take this training?

almost 80% of all the content taught in exploitation trainings are just public information, does that mean it does't worth it? well, if you are a full time security engineer or a vulnerability researcher who is busy with your own work then of course it does worth it, you obviously can go learn all the topics covered in the training by yourself, hell, just look at the syllabus posted, search each entry one by one, and whatever result shows up, keep reading those blog posts, watch those talks, test those tools, setup and install those vulnerable environments, troubleshoot your exploits, figure out why the exploit doesn't work anymore, figure the mitigation bypasses and learn how to be more covert. yeah!, that's gonna take a while, but its doable, i mean, that's how I learned all about this, now for those who value their time and can afford this training, you can get past of all that useless struggle and instead actually deal with the puzzle solving, exploit writing, bug chaining struggle in the class and let me teach you everything I know about popping shellz in Advanced .NET Enterprise targets. now instead of spending 8 months of your time, you will be up to dated with the latest tools, techniques, tactics, and procedures in just 4 days (Note for the Inspector: I'm no god rather a full time vulnerability researcher who is also good at teaching, if you don't put in the time I can't do magic, so no, this course doesn't give you wings, it gives you the knowledge to build your own wings, and that's the best thing you can get from a training)

Where and When is the training?

you can see the current upcoming classes/workshops, this is a complete 4 day training, 20% theory and 80% practical exploitation

P1

Register for the Advanced .NET Exploitation Training

Sign up for 32 hours of Intensive .NET Exploitation Training, 20% theory and 80% practical

Latest blog posts

Some of our latest blog posts, you can find more in our blog.

../assets/images/featured/CVE-2025-0282-p2.jpg
Ivanti Connect Secure Pre-Auth RCE Walkthrough and Techniques (CVE-2025-0282)

Exploitation walkthorugh of a tricky stack-based buffer overflow over IFT TLS Vpn protocol

../assets/images/featured/CVE-2025-0282.jpg
Ivanti Connect Secure Pre-Auth RCE (CVE-2025-0282)

Initial analysis of a pre-auth RCE vulnerability discovered in ivanti IFT TLS VPN protocol

../assets/images/featured/CVE-2024-50623.jpg
Cleo Harmony - Pre-Auth RCE (CVE-2024-50623)

the CVE-2024-50623 is an arbitrary file read and write in Cleo that leads to Pre-Auth RCE