Programming languages that operate on a virtual machine often promise safety guards against many unsafe operations. However, virtual machines can have pretty serious bugs. In this post, we explore ...

Here is a dumb question that you probably never asked yourself: What is the minimal amount of bytes we need to store in a .NET executable to have the CLR print the string"Hello, World!" to the stan...

On May 27 until May 29, I had the pleasure to join Shellphish in the DEFCON CTF Qualifiers of 2023. I wanted to highlight one of the challenges called brinebid that I ended up working on as well as...

public static void Main(); This is what most people associate with the entry point of a .NET module. However, as it so turns out, this is not the place where it all begins. In this post, we will r...

Patching PE files is easy. Injecting new code that uses functions from external modules, however, is more complicated. In this post, we are implementing a method for rebuilding import directories,...

.NET decompilers and debuggers have become very good at helping reverse engineers figure out the inner workings of a program. However, they also make a lot of assumptions that can be used against t...

In a previous post we dove deep into the inner workings of the call opcode, and used it to confuse decompilers and deobfuscators. We will continue this story by also giving the callvirt opcode some...

The call and callvirt opcodes are arguably two of the most commonly used operations in the Common Intermediate Language (CIL). Yet, they have some interesting properties that are often overlooked. ...

Hi! I go by the name Washi on the internet. I am a hobbyist programmer and reverse engineer, and I love creating and breaking things. I spend a lot of time thinking about compilers and decompiler...