Finding vulnerabilities in .NET is something I quite enjoy, it generally meets my criteria of only looking for logic bugs. Probably the first research I did was into .NET serialization where I got some interesting results, and my first Blackhat USA presentation slot. One of the places where you could abuse serialization was in .NET remoting, which is a technology similar to Java RMI or CORBA to access .NET objects remotely (or on the same machine using IPC). Microsoft consider it a legacy technology and you shouldn't use it, but that won't stop people.
more here.........http://tyranidslair.blogspot.co.uk/2014/11/stupid-is-as-stupid-does-when-it-comes.html
more here.........http://tyranidslair.blogspot.co.uk/2014/11/stupid-is-as-stupid-does-when-it-comes.html