Windows Communication Foundation Penetration Testing Methodology

Title: Windows Communication Foundation Penetration Testing Methodology
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Florin Ilca, Lucian, Balan, Titus
Conference Name: 2021 16th International Conference on Engineering of Modern Electric Systems (EMES)
Keywords: .NET Framework, Buildings, C# programming, communication bindings, composability, Information security, Metrics, Operating systems, Penetration Testing, Planning, pubcrawl, resilience, Resiliency, security, service contracts, Windows, Windows Communication Foundation, Windows Operating System Security
Abstract: Windows Communication Foundation (WCF) is a communication framework for building connected, service-oriented applications, initially released by Microsoft as part of .NET Framework, but now open source. The WCF message-based communication is a very popular solution used for sending asynchronous messages from one service endpoint to another. Because WCF provides many functionalities it has a large-consuming development model and often the security measures implemented in applications are not proper. In this study we propose a methodology for offensive security analysis of a WCF endpoint or service, from red team perspective. A step-by-step approach, empirical information, and detailed analysis report of WCF vulnerabilities are presented. We conclude by proposing recommendations for mitigating attacks and securing endpoints.
DOI: 10.1109/EMES52337.2021.9484145
Citation Key: florin_ilca_windows_2021