The PowerShell bubble has burst. With offensive use going down and detections and defences rising, the need for an alternative means to operate offensively against Windows environments is well underway and a big part of that is due to C# and .NET.
In this presentation, Lee will take the audience through the rise of weaponized C#. From well-known toolkits to ideas and struggles for defenders, inner workings of the technology itself and where it may be heading in the long run. This talk will give the audience a window into the increasingly popular world of offensive C# as more and more attackers and defenders are rushing to get ahead of the curve. While not brand-new tradecraft, C# is rapidly being used to replace existing toolkits based on technologies such as PowerShell and proving to be an extremely effective alternative. Throughout this talk, Lee will be covering a brief crash course into the current state of .NET and C# development along with the 2020 announcement from Microsoft to combine .NET, Mono and .NET Core under one roof which is causing attackers to salivate since the targeting of every OS that will support it becomes easier (Windows, Linux, iOS, watchOS, tvOS, ARM etc.). It is crucial for defenders to acquire an understanding of how much offensive C# can be difficult to detect and defend against and to do so, must understand how it is used to attack and stay quiet inside an organization’s environment.