2026-06-19 –, Soprano A Language: English
Solarwinds, Microsoft Sharepoint, Microsoft Exchange, Veeam, Veritas, any many more...
All of these products are written in .NET
If you'd like to learn how to reverse engineer, find vulnerabilities and exploit .NET targets
this workshp will teach you the basics
[X] Topics:
Reversing .NET targets (static analysis, debugging, patching)
Introduction to .NET vulnerabilities
Basics of deserialization exploits in .NET
Patch diffing and exploiting an Nday
[X] Requirements:
Windows 10 or 11 VM
DO NOT bring an ARM laptop (MacBook) tools will not run on this CPU
If you do not have a intel/amd laptop, try preparing a remote windows server (vps,ec2,etc)
Basic knowledge of C#
Basic of any reverse engineering is a must (x86, etc)
My name is Sina Kheirkhah also known as @SinSinology I’m a full-time vulnerability researcher with a passion for popping shells across all kinds of targets, server-side enterprise solutions, hardware devices and I also do reverse engineering, low-level exploitation, attacking .NET/Java stacks, bypassing mitigations, chaining bugs, and all the good stuff.
To highlight some of my work, I’ve been a Pwn2Own contestant multiple times 20{22,23,24x2,25x3} and have won the “Master of Pwn” title at the 2025 January edition of Pwn2Own competition in Tokyo Japan. Later in October of the same year, came back as @SummoningTeam (@_mccaulay, @Yogehi, @Ch0pin, @hyprdude) and all of us together won the “Master of Pwn” title at the October edition of Pwn2Own in Cork Ireland.