Collaborate Disseminate
I have an MVC app that is using the AntiForgeryToken capability of ASP.NET MVC. AFAICT this uses an encrypted synchronizer token variation where it validates the payload of the tokens.
A customer has questioned the fact that these tokens … Continue reading Is it valid to defend an CSRF token against replay (e.g. with a timestamp)?
I have a .net dll with embedded resources on a webserver running asp.net mvc, and it would be useful give the resources a url path to make them behave more like traditional files.
The resources are accessed by dot-separated … Continue reading What the security risks when allowing a user to specify the embedded resource name?
I have made a website, in which on login I am using pbkdf2_sha256 for password hashing. I have used salt also.
I want to make a simple software just for the experience, I want to login into the c# software using same credenti… Continue reading How to implement pbkdf2_sha256 in c# [migrated]
I was reading this writeup of how CylancePROTECT can be exploited. It has a Windows service which is implemented using .NET.
It seems that for code written in .NET, it is trivial to locate important variables and find their … Continue reading Prevent external processes from changing .NET variable values
I am working on developing a REST API that will be used by first party clients that we develop, and third party clients in the future. The first party clients include a SPA client side application, and programs that run on c… Continue reading Securing a multi-tenant API with SSO and different roles per tenant
I was trying to run shellcode with a specific token in C# and my code is
public static void RunShellCode (NtToken token ,byte[] command) {
byte[] shell_code = new byte[command.Length];
shell_code = command… Continue reading Can we run a shellcode with a specific access token in C#
I’m trying to create a SAML AuthnRequest for the redirect binding.
This is my (anonymized) AuthRequest:
<samlp:AuthnRequest AssertionConsumerServiceURL=”https://tempuri.org/sp/AssertionConsumerService”
… Continue reading What’s wrong with my signature for a SAML Redirect binding?
Who hasn’t had the experience of a pesky drone buzzing around that family picnic, or hovering over a suburban backyard where bikini-clad daughters are trying to sunbathe in peace? A shotgun used to suffice for such occasions, but with this compressed-air powered drone catcher, there’s no need to worry about illegally discharging a firearm to secure some privacy.
Before the comment line lights up with outrage, the above scenarios are presented entirely in jest. We do not condone the use of force on a drone, nor do we look favorably on those who use drones in a way that even …read more
We have passwords to certain external system that we need to use programmatically to login to that system. We have no control over the external system, we can not hash the password and use it like that so we need the plaintex… Continue reading External password encryption
There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we encountered a malware downloading a legitimate ffmpeg.
Categories:
Malware
Threat analysis
Tags: .NETffmpegmalwarepayload… Continue reading A .NET malware abusing legitimate ffmpeg
