From: Philip Wagenaar (p.wagenaar@accon.nl)
Date: Fri Feb 04 2005 - 03:44:01 EST
Hi Daniel,
As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common Runtime Language.
I am not aware of any big weaknesses in the CLR, but I would search for papers on the CLR instead of a specific .Net Language.
Met vriendelijke groet,
(Philip) Wagenaar
Assistent ICT Projecten & Advies
AccoN Accountants & Adviseurs
ICT Projecten & Advies
Postbus 5090
6802 EB Arnhem
The Netherlands
tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
http://www.accon.nl
>>> "Daniel Grzelak" <daniel.grzelak@sift.com.au> 01-02-05 02:13 >>>
Hi,
I am currently researching exploitation techniques specific to C#. The idea
behind this being the future application of such research to penetration
testing.
Browsing the web I have been able to identify a number of resources on
secure coding guidelines for .net and C# however I was unable to locate any
information on the exploitation of issues specific to C#. Obviously the
standard buffer overflow and related bugs are out of the question because
all memory is handled automatically, however there *must* be problems that
relate only to C# and/or .Net.
So my query is this - could anyone point me to some resources or perhaps
provide information on the exploitation and detection of C# specific
problems?
Thank you in advance.
Regards,
Daniel Grzelak
Associate
SIFT
www.sift.com.au
P: +61 2 9236 7276
F: +61 2 9236 7271
M: +61 410 566 549
E: daniel.grzelak@sift.com.au
Suite 2, Level 7
22 Pitt St, Sydney NSW 2000
Australia
"SIFT is a leading Australian pure-play information security consulting,
intelligence and training firm. We specialise in the delivery of
independent advice, reviews and recommendations to the senior management of
large, highly-regulated organisations."
##################################################################
Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank.
==================================================================
The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you.
##################################################################
#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared
by MailMarshal
#####################################################################################
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT