Tyranid’s Lair: Stupid is as Stupid Does When It Comes to .NET Remoting
Stupid is as Stupid Does When It Comes to .NET Remoting
One day I came to the realisation that while I’d talked about how dangerous it was I’d never released any public PoC for exploiting it. So I decided to start writing a simple tool to exploit vulnerable servers, that was my first mistake. As I wanted to fully understand remoting to write the best tool possible I decided to open my copy of Reflector, that was my second mistake. I then looked at the code, sadly that was my last mistake.