Adversary Village

Jean Francois Maes

Senior Red Teamer, NVISO

Jean-François Maes is the technical red team lead at NVISO security and a SANS instructor for the SEC699:Adversary Emulation for Breach Prevention & Detection course. Jean-François wants to help people level up in their careers and make people want to join the infosec community. This is why he's the host of the voices of infosec podcast and the creator of Both tailored to inspire people to join in on the fun. Next to his job at NVISO and SANS, he is also very engaged with the infosec community on social media and is a strong believer of open source tooling. He has authored several C# tools such as SharpNukeEventLog, SharpZipRunner and Trustjack.

Workshop: From zero to hero: creating a reflective loader in C#

Have you ever heard of reflective loading before? Ever worked with tools like donut and sRDI? Ever wanted to execute an assembly over Cobalt-Strike but it was bigger than a megabyte? Reflection is awesome, adversaries use it frequently, and in C# it is easier than ever. In this workshop, we will explorer how to create our own reflective loader starting from scratch, adding functionality as we go, in total we will create 6 to 7 loaders. In the end, you will have a better understanding of how reflection works, what appdomains are and do, and how you can leverage reflection in red team operations. In order to attend this workshop, you will need a Windows computer (or VM) and visual studio 2019.

Recorded Live 📼