I've done small (but fun) .NET Framework research, and I found a new exploitation primitive (vulnerable behavior). In many cases, it may directly lead to RCE.

I'll discuss it during Black Hat EU and I'll drop a paper afterwards 🫡

https://www.blackhat.com/eu-25/briefings/schedule/index.html#soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl-49018