Channel: WebstersProdigy » .net
Browsing all 5 articles

Interesting Problems with .NET IsPostBack()

First, credit where credit is due: Bryan Jeffries (plug here for his awesome book) talked with me about this problem a couple years ago. Since then I’ve found half a dozen bugs related to IsPostBack,...

AV Evading Meterpreter Shell from a .NET Service

Update: I tried this in April 2013, and it still works quite well if you obfuscate the .net (e.g. using dotfuscator or there are plenty of free ones). I still use the generic idea for SMB type things,...

ValidateRequest should probably still be Enabled

I noticed this post on reddit a couple weeks back, and it’s called “new .net xss bypass”. I look at .net apps more than anything else right now as part of my day job, so this new bypass is something I...

.NET MVC AntiforgeryToken CSRF Testing

Besides work being busy, I’m heads down ramping up my Blackhat EU talk, which is mostly about CSRF. I promise it’s more interesting than it sounds. I’m saving my favorite pieces for the talk, but...

DPAPI Primer for Pentesters

Understanding DPAPI is not that complicated, although the amount of the documentation can be daunting. There is a lot of excellent “under the hood” DPAPI stuff available (e.g. Stealing Windows Secrets...
