2025-05-15 –, Ville-Marie
This talk will present a technique that allows red teamers to execute shellcode within a .NET process without the need to create a RWX memory section limiting the EDR detection. This technique abuses the underlying concept of how .NET executes the CIL code once it is compiled. No external dependencies are needed, only the .NET framework's magic.
English
Charles Hamilton is a Red Teamer with over twelve years of experience delivering offensive testing services for various government clients and commercial sectors. In recent years, Charles has specialized in covert Red Team operations targeting complex and highly secured environments. These operations have enabled him to refine his skills in stealthily navigating client networks without detection.
Since 2014, he has been the founder of the RingZer0 Team website, a platform dedicated to teaching hacking fundamentals. The RingZer0 community currently boasts over 50,000 members worldwide. Charles is also a prolific toolsmith and trainer who has delivered training over the last seven years, both online and onsite. He is a speaker in the InfoSec industry, known under the handle Mr.Un1k0d3r