Cracking the Foundation: Attacking WCF Web Services


Presented at SOURCE Boston 2010 by

Hacking a web service generally isn't rocket science. But what if the web service requires messages to be sent using a binary protocol? What if it requires message-level encryption but you don't have a key? These are just a few of the common scenarios you are likely to encounter when attacking a web service built with Windows Communication Foundation (WCF). Through a series of live demonstrations, the presentation will show how to identify and attack WCF web services and will discuss useful tools and tips that make testing WCF services easier. Attendees will leave with the knowledge necessary to conduct effective penetration tests against WCF applications.

The following live demonstrations will be conducted (time permitting):

- Burp plug-in for WCF binary SOAP messages (MC-NBFS)
- Decompilation of Silverlight XAP files to obtain WCF metadata
- Crafting Metadata Exchange (MEX) requests to retrieve WCF metadata
- Communicating with WCF using WS-Security (WS-S) anonymous message encryption
- Writing a custom WCF test client (in fewer than 10 lines of code)
- TCP port probing through WCF duplex callback channels

Presentation outline:

1. WCF Overview
2. Silverlight WCF Web Services
   2a. MC-NBFS Protocol
   2b. Obtaining Metadata from WCF
   2c. Analyzing Silverlight XAP
3. Secure WCF Binding
   3a. WS-S Message Encryption
   3b. Custom WCF Clients
4. WCF Duplex Services
   4a. Attacking Callback Channels