Author: Fatih Ozavci (https://linkedin.com/in/fozavci)
Version: 1.0
Events: AusCERT 2021, Interbank Red Team Forums in Australia, Internal Teams

This content will be updated in time whenever presented in conferences or events. However, the content won't expand to cover the advanced topics referred in the last part of the training. There will be also a Weaponising C# - Advanced Practices training to be released in future events for this improvment.

In this Enterprise Detection and Response (EDR) age, threat actors are increasingly using custom tradecraft to make their initial attacks unique and to hide their tracks. Hence, Red Teams need to simulate these cutting-edge tradecraft during their exercises with, potentially, limited resources. In addition, Purple Teams have responsibilities to replicate cutting-edge individual attacks to test defence solutions and understand the IOCs.

C# and .NET Framework’s popularity is increasing in the security community, who are responsible to simulate adversaries, due to its operating system integration capabilities and easy to develop features. Through this, it’s easier for offensive and defensive security researchers to provide custom tradecraft targeting specific Windows features and security controls. Security researchers have already released numerous custom Red Team tools and Mitre Att&ck tests using C#, to be operated by popular and custom Command & Control implementations.

During this workshop, we will discuss about the fundamentals and offensive advantages provided by .NET Framework with practical examples. In addition, some of the Mitre Att&ck concept implementations will be analysed to understand its use. Through the exercises, the participants will learn how they can read code samples, write their own code, compile using various options, calling .NET assemblies through PowerShell, integrate Windows APIs to existing samples to expand the features, and finally make their own application. To operate Red Teaming tasks against a target platform remotely; the participants will actively read and repurpose existing Proof-of-Concept tools, and develop their own custom tools using C#.