Hack.NET is a set of .NET-based projects designed to facilitate learning in security by implementing, exploiting, and mitigating various security vulnerabilities. Through a series of versioned releases, the project demonstrates different bug classes, showcasing the lifecycle from insecure code to exploitation and eventual mitigation.
Disclaimer: This project is intended solely for educational purposes to demonstrate security vulnerabilities within the .NET framework. The author does not assume any responsibility for any misuse of the information provided. Users are advised to utilize this material responsibly and within the bounds of all applicable laws and regulations.
Hack.NET employs a security lifecycle approach to demonstrate the progression from vulnerable code to secure implementation. Each stage of the lifecycle is marked with a corresponding git tag, following a structured naming convention to indicate the current state:
- Bugged: Initial implementation with intentional security vulnerabilities.
- Proof of Concept (PoC): Demonstrates how the vulnerabilities can be exploited.
- Secured: Implements security measures to mitigate the identified vulnerabilities.
Hack.NET currently includes the following projects:
- FileManagementAPI: An ASP.NET Core project focused on implementing, exploiting, and mitigating vulnerabilities using file management APIs.
- GridPersistence: A vulnerable WPF-based sandbox that uses Telerik UI for WPF to demonstrate exploitation of CVE-2024-10095.
For any questions, suggestions, or feedback, please reach out to mehranrmn@disroot.org or open an issue on the GitHub repository.