Collaborate Disseminate
Cyberespionage attackers have ditched their PowerShell backdoor in favor of the Windows BITS ‘notification’ feature. Continue reading Stealth Falcon Targets Middle East with Windows BITS Feature
We have a report that generates ~100 rows daily and our customers have to enter the data into third-party software. We hoped that the software allows some kind of data upload so that our customers don’t have to do the tedious… Continue reading Using Selenium to automate data entry
I’m using Rfc2898DeriveBytes in my application to encrypt a password with a randomly generated salt, and with a set iterator count for slowness.
Before, I just grabbed the generated salt and put it as a parameter for Rfc2898… Continue reading Am I using RfcDeriveBytes correctly, when the salt I’m providing it contains the password?
Environment:
Microsoft Windows
IIS Web server
MSSQL DB
Let’s say an application gets compromised with an RCE, what’s the best scenario of protecting the database connection string file or any other sensitive configurati… Continue reading Securing DB connection string and other configuration files in RCE scenario
Veracode reports that the below code is susceptible to CWE-611: Improper Restriction of XML External Entity Reference.
XslCompiledTransform transform = new XslCompiledTransform();
transform.Load(xslwithospath);
StringWriter … Continue reading CWE-611: Improper Restriction of XML External Entity Reference with XSL include
I have some secrets that need to be transferred from my .NET application to another. I am using the CNG DPAPI to encrypt these secrets, and I wish to find the most suitable place to store them (in this encrypted format) on my… Continue reading Where to store secrets in .NET applications?
Customer is asking for LDAP / Active Directory authentication along with OTP (one time password) / multi-factor authentication for an old existing web application written in (asp.net MVC2). Is this possible?
Currently, we ar… Continue reading Active Directory with multi factor authentication for an existing web application
I am in need of creating my first external-facing API which a client will use to gain access to specific company data. Can someone provide me a very good and simple tutorial or example on how to go about providing a token wh… Continue reading Creating my first external facing API [on hold]
I am creating a .NET core webapp in C# that takes in a user password and hashes it to be stored on a server. I’m using Rfc2898DeriveBytes along with a randomly generated salt. I’ve read, however, that I should avoid using str… Continue reading How to avoid using System.String with Rfc2898DeriveBytes in C#
I’m working on a vulnerability within an application that uses .NET Remoting. I can see from the code that there are a number of potential ways to get RCE, but due to how the application performs its communications I cannot j… Continue reading Is there an easy way to dissect .NET Remoting traffic for reverse engineering?