NTNINJA

dnre-mcp 0.1.0 — .NET Reverse Engineering via MCP

Thu, 05 Mar 2026 01:00:00 +0000

I just released dnre-mcp 0.1.0, a standalone MCP server for .NET assembly reverse engineering and decompilation.

What It Does
#

dnre-mcp lets AI assistants load, inspect, and decompile .NET assemblies directly through the Model Context Protocol. It exposes 10 tools covering assembly loading, type and method discovery, namespace browsing, and full C# source decompilation. Under the hood it uses ICSharpCode.Decompiler, the same engine that powers ILSpy.

WEDP 1.0.0-rc1 and dbgeng-mcp 0.1.0

Thu, 12 Feb 2026 01:00:00 +0000

Quick update on two projects that have been getting a lot of my attention lately.

WEDP 1.0.0-rc1
#

WEDP (Windows Exploit Development Plugin) has hit its first release candidate. If you are not familiar with it, WEDP is a native WinDbg extension I built for exploit development workflows. It provides ROP/SEH/stack-pivot gadget search, cyclic pattern utilities, module protection enumeration, inline assembly, and a bunch of other stuff you would normally need multiple tools for. I wrote a post recently on using it with an MCP server and that really pushed me to clean things up and get a proper release out.

WinDBG MCP with WEDP

Fri, 06 Feb 2026 09:00:00 -0500

I have been late to the game with adopting GenAI into my workflow, but we are at full steam now. I have slowly been adding it into my daily routines to see where I can gain efficiency leveraging this new tech. One of the big areas I am playing with right now is for writing Windows based CTF challenges, and now in the past few days, seeing how I can leverage GenAI for writing POCs for these new challenges. In this post we are going to walk through my initial setup for using the WinDbg EXT MCP to control a windbg instance that has the extension I wrote a long time ago, WEDP (Windows Exploit Development Plugin), to improve the process of going from crash to POC.

Protecting Repos with Encrypted GIT

Mon, 21 Nov 2022 15:00:00 -0500

Open source software development is great, and there exists an abundance of difference git solutions to create public and private repositories for collaboration and distribution. Private repos give you an extra layer of control by not allowing your code base to be seen by the public. Occasionally you may have a project that you want to be able to collaborate with a limited set of remote people, and want restrict the possiblity of your source being viewed, even by the git service provider. None of the commercial git providers have a good solution for this currently, at least that I know of.

Installing Exchange 2019 on Server 2019 for Lab

Sat, 08 Oct 2022 09:00:00 -0500

Right off the bat, if you are looking for resources on how to set up or manange exchange in a production environment then stop reading, this installation was purely for a lab environment to practice red team techniques and play with some recent exploits.

As someone with 0 training in windows adminstration, getting exchange working in my lab has been a long and painful experience. It ended up just taking a lot of research to find a web site with a walk through that finally worked for me to get a basic setup. I will admit that I dont fully understand exactly what every command is completing in the setup process, but its not really necessary for the my use cases. This 5 part guide from nucleus technologies is what I followed for the most part and has much more detail, but I will add some additional links for dependencies to get everything in one place.

.NET Deserialization Challenge 1

Wed, 28 Sep 2022 09:00:00 -0500

Challenge Download
#

In this challenge you are given a single binary. The binary can simply take in user input to serialize an object to a file or take in a file and deserialize the object and print the contents. Your goal is to get arbitrary command execution using any tools necessary from the binary.

Good Luck!

.NET Deserialization Challenge 2

Wed, 28 Sep 2022 09:00:00 -0500

Challenge Download
#

Wacky File Transfer
#

In this challenge you are presented with the Wacky File Transfer client wft_client.exe and Wacky File Transfer server wft_server.exe. The helper library wft_helpers.dll that is used by both the client and the server is also included and must be present in the same directory as the client or server to execute them.

rundll... more like fundll

Sun, 25 Sep 2022 09:00:00 -0500

Have you ever written a DLL that had standalone functionality and wasn’t meant to be used as a library? Considering that library is in the name, this idea seems contrary to what a library should be. Well, you can thank Microsoft for providing a way to execute standalone functionality from a DLL. Not only did they do that, they also provide DLLs with functionality that you need this utility to run!!! Say hello to rundll32, pronounced run dull all smashed as one word in some circles.

About

Mon, 01 Jan 0001 00:00:00 +0000

Software Developer, Security Researcher, Extreme Sports Athlete.

My primary technical interests include Windows Internals research, Win32 Dev, Windows Kernel Dev, Windows VR and Exploit Dev. I also enjoy learning about and testing red team tools, doing CTF style challenges and continuing to grow my knowledge of the security field. I love to share my passion and teach what I have learned about Windows to others.

dbgeng-mcp

Mon, 01 Jan 0001 00:00:00 +0000

Links
#

GitLab Repository

Overview
#

dbgeng-mcp is a Model Context Protocol (MCP) server that bridges AI assistants to the Windows Debugging Engine (dbgeng.dll). Built with Python and a native C++ extension (pybind11), it exposes debugger functionality as MCP tools so that LLM-based agents can launch, attach to, and inspect processes through natural language. The project is currently alpha software under active development and is MIT licensed.

dnre-mcp

Mon, 01 Jan 0001 00:00:00 +0000

Links
#

GitLab Repository

Overview
#

dnre-mcp is a Model Context Protocol (MCP) server for .NET assembly reverse engineering and decompilation. It gives AI assistants like Claude the ability to load, analyze, and decompile .NET assemblies without needing a GUI tool like dnSpy or ILSpy open. Built in C# on .NET 10 and powered by ICSharpCode.Decompiler (the engine behind ILSpy), it communicates over stdio for easy integration with Claude Code and Claude Desktop. The project is MIT licensed.

Projects

Mon, 01 Jan 0001 00:00:00 +0000

TantoC2 - Red Team Command & Control Framework
#

A modular C2 framework for authorized penetration testing and adversary simulation. Single deployable Python process with multi-operator support, P2P relay, agentless operations, and full audit logging.

WEDP - Windows Exploit Development Plugin
#

A native WinDbg extension for exploit development. Provides 20 commands for gadget search, pattern utilities, memory analysis, and more. Written in C++ with native x86/x64 support.

Resources

Mon, 01 Jan 0001 00:00:00 +0000

Web Sites / Blogs
#

Windows
#

InfoSec
#

Reverse Engineering
#

Programming
#

Vulnerability Research / Exploit Dev / Red Teaming
#

General Exploitation
#

Windows
#

Heap
#

Patch Diffing
#

Kernel
#

PatchGuard
#

Fuzzing
#

Tutorials / Practice
#

VR / ED Tools
#

Red Team Tools
#

Scanning / Enumeration
#

nmap

Windows
#

Tunneling
#

C2
#

Other
#

Evasion / AV Bypass
#

PoCs
#

Git Accounts
#

Tactics, Techniques, Examples, Write-Ups
#

COM Hijacking
#

Cheat Sheets
#

Windows Development / Internals
#

Networking
#

WinCrypt / Crypto Next Generation (CNG)
#

WinDbg
#

Internals
#

Microsoft Protocol Documentation
#

Kerveberos (MS-KILE)

TantoC2 - Red Team Command & Control Framework

Mon, 01 Jan 0001 00:00:00 +0000

Links
#

Documentation

Overview
#

TantoC2 is a red team command-and-control framework designed for authorized penetration testing and adversary simulation. It runs as a single deployable Python process with no external service dependencies — no Redis, Celery, or external databases — making deployment trivial. Built with Flask, SQLAlchemy, and SQLite, it supports concurrent multi-operator engagements with real-time WebSocket event streaming.

WEDP - Windows Exploit Development Plugin

Mon, 01 Jan 0001 00:00:00 +0000

Links
#

GitLab Repository
Releases
WinDBG MCP with WEDP — Blog post on using WEDP with an MCP server

Overview
#

WEDP is a native WinDbg extension built for exploit development workflows. Written in C++ with native x86 and x64 support, it provides 20 commands covering gadget search, pattern generation, memory analysis, and more — all from within the debugger. WEDP is MIT licensed and leverages Zydis for disassembly and AsmJit/AsmTk for assembly.

NTNINJA

dnre-mcp 0.1.0 — .NET Reverse Engineering via MCP

What It Does #

WEDP 1.0.0-rc1 and dbgeng-mcp 0.1.0

WEDP 1.0.0-rc1 #

WinDBG MCP with WEDP

Protecting Repos with Encrypted GIT

Installing Exchange 2019 on Server 2019 for Lab

.NET Deserialization Challenge 1

Challenge Download #

.NET Deserialization Challenge 2

Challenge Download #

Wacky File Transfer #

rundll... more like fundll

About

dbgeng-mcp

Links #

Overview #

dnre-mcp

Links #

Overview #

Projects

TantoC2 - Red Team Command & Control Framework #

WEDP - Windows Exploit Development Plugin #

Resources

Web Sites / Blogs #

Windows #

InfoSec #

Reverse Engineering #

Programming #

Vulnerability Research / Exploit Dev / Red Teaming #

General Exploitation #

Windows #

Heap #

Patch Diffing #

Kernel #

PatchGuard #

Fuzzing #

Tutorials / Practice #

VR / ED Tools #

Red Team Tools #

Scanning / Enumeration #

Windows #

Tunneling #

C2 #

Other #

Evasion / AV Bypass #

PoCs #

Git Accounts #

Tactics, Techniques, Examples, Write-Ups #

COM Hijacking #

Cheat Sheets #

Windows Development / Internals #

Networking #

WinCrypt / Crypto Next Generation (CNG) #

WinDbg #

Internals #

Microsoft Protocol Documentation #

TantoC2 - Red Team Command & Control Framework

Links #

Overview #

WEDP - Windows Exploit Development Plugin

Links #

Overview #

What It Does
#

WEDP 1.0.0-rc1
#

Challenge Download
#

Challenge Download
#

Wacky File Transfer
#

Links
#

Overview
#

Links
#

Overview
#

TantoC2 - Red Team Command & Control Framework
#

WEDP - Windows Exploit Development Plugin
#

Web Sites / Blogs
#

Windows
#

InfoSec
#

Reverse Engineering
#

Programming
#

Vulnerability Research / Exploit Dev / Red Teaming
#

General Exploitation
#

Windows
#

Heap
#

Patch Diffing
#

Kernel
#

PatchGuard
#

Fuzzing
#

Tutorials / Practice
#

VR / ED Tools
#

Red Team Tools
#

Scanning / Enumeration
#

Windows
#

Tunneling
#

C2
#

Other
#

Evasion / AV Bypass
#

PoCs
#

Git Accounts
#

Tactics, Techniques, Examples, Write-Ups
#

COM Hijacking
#

Cheat Sheets
#

Windows Development / Internals
#

Networking
#

WinCrypt / Crypto Next Generation (CNG)
#

WinDbg
#

Internals
#

Microsoft Protocol Documentation
#

Links
#

Overview
#

Links
#

Overview
#