Advanced .NET Exploitation Training

Sina Kheirkhah

Dates

23-26 Sep. 2025

9:00 – 18:00

EARLY BIRD PRICE

~~€ 4.000,00~~

€ 3.600,00

Course objectives

This 4 day training course will teach you how to exploit advanced .NET enterprise targets, bypass mitigations, chain bugs and pop shellz!
We will be exploiting more than 15 remote code execution chains (total of 25 single bugs): these vulnerabilities will all be unique in their style and target real world software.

During the class, we’ll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects.
This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

Prior to enrolling in this course, students are encouraged to undertake a self-assessment challenge to ascertain if the course aligns with their objectives and proficiency level.

Training outcomes

Advanced exploitation skills
Ability to identify and exploit complex chain of vulnerability
Ability to reverse engineer enterprise-level software developed in .NET

About the trainer

Meet Sina Kheirkhah, widely recognized as @SinSinology in the cybersecurity community! Sina is a dedicated full-time vulnerability researcher with a passion for breaking into various systems.

From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina‘s expertise covers a wide spectrum. He specializes in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly.

Notably, Sina has competed in Pwn2Own for four consecutive years and has won the “Master of Pwn” title as a solo researcher in pwn2own 2025, demonstrating his dedication to the field.

Required skills

A good attitude towards learning and basic knowledge of reverse engineering, although the course is about reverse engineering managed code, having prior reversing experience (x86, etc) has a big advantage.

Basic familiarity with a scripting language like Python, Bash, etc.
Medium familiary with any language that is .NET based, (C#, F#, etc)
Basic knowledge of “any” reverse engineering is required (x86, etc)
A good attitude towards learning 🙂

What to bring?

Laptop with

Windows x64 host operating system
CPU x64 suitable for virtualization (ARM is not supported)
16GB of RAM or more
USB type A port
VMWare Player / Workstation or Virtualbox
150GB free disk space

What will be provided?

Internet connection is provided by the training center, a backup mobile connection (e.g. hotspot) is recommended
The course material – it will be provided on a USB drive, make sure to have a laptop with USB Type-A port

CLASS SYLLABUS¹

Day 1: Foundation of .NET Exploitation

.NET Basic Reverse Engineering and Debugging
Defeating Obfuscations
Easily Debugging Annoying .NET Targets
Mapping the attack surface of different .NET environments
Attacking .NET Remote communication stacks part 1
Discovering, and Writing Exploit for 2 LPE Issues (Real world softwares)
Discovering, bypassing and Writing Exploit for 2 RCE Chains (Real world softwares)

Day 2: Advanced .NET Exploitation Techniques

Attacking .NET Remote communication stacks part 2
Attacking .NET Remote communication stacks part 3
Exploiting 2 RCE Chains (Real world softwares)

Day 3: Deep Dive into Deserialization Exploitation

.NET Deserialization basic to advanced, covering 8 .NET deserializers
Exploiting 4 RCE Chains which include deserialization issues (Real world softwares)
Bypassing Deserialization Protections
Covert Red Teaming Techniques in .NET Environments

Day 4: Exploitation Challenges and Edge Case Bypasses

Finding Target Specific Gadget Chains
Exploiting 2 LPE Chains (Real world softwares)
Exploiting 4 RCE Chains (Real world softwares)
Bypassing Mitigations part 1
Bypassing Mitigations part 2

¹ Schedule of lectures on the specified days may be subject to changes