@GossiTheDog 1) 3000 is not a big number on the Internet (quality matters though) 2) This is an overestimation because not all keys are useful (as the captured text also implies)

I haven't touched ASP.NET for a while, but I'd risk to say that app configuration also affects exploitability as i) not all apps rely on signed ViewState (IIRC) ii) deserialization gadgets are not universal.

These are of course solvable problems, but still need to be taken into account for risk assessment.

@GossiTheDog That is technically true, but scanners already look for exposed web.configs, so any affected, but not already exploited Internet-facing sites would be simultaneously extremely negligent and lucky.

https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22

@GossiTheDog The dangers of exposing ViewState encryption keys (or encryption oracles) were popularized at least by 2010 because of the padding oracle fixed with MS10-070:

https://web.archive.org/web/20101225182433/http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf

Similar attacks can be executed against frameworks that also protect stateless session data with encryption/MAC's, see CVE-2018-15133 of Laravel:

https://mogwailabs.de/en/blog/2022/08/exploiting-laravel-based-applications-with-leaked-app_keys-and-queues/

We've been hunting for web.config's during pentests too - the latest exploit I remember must've been written around last December by teammate based on a file read vuln exposing web.config.

So yeah, don't expose your private keys... If you do, that's not the problem of the crypto system (or ASP.NET in this case).

[RSS] CVE-2024-55957: Local Privilege Escalation Vulnerability in Thermo Scientific(TM) Xcalibur(TM) and Foundation software

https://tierzerosecurity.co.nz/2025/02/07/cve-2024-55957.html

My 10k-word writeup on exploiting a heap-overflow in Llama.cpp's RPC Server's Tensor-operation to RCE. This by far is one of the most challenging but fun exploitation I've ever researched on.

https://retr0.blog/blog/llama-rpc-rce

Status: after two days of intensive calculation the whopping 1MB CalDAV import failed somewhere between 87-100% and I have no clue what was done and what needs to be fixed. #Thunderbird

Fortunately I found a solution that did the job in 5 mins at server-side:

https://www.reddit.com/r/selfhosted/comments/jbnu1l/how_would_i_push_an_ics_to_a_caldav_server/

CVE-2024-43625 - 2024-Nov - Microsoft Windows VMSwitch Elevation of Privilege - Use After Free - CVSS 8.1

#ghidriff vmwsitch diff
https://gist.github.com/clearbluejar/b5c12615270a54d031dc13a7d07988c9
👀🔥

Side-by-side view: https://diffpreview.github.io/?b5c12615270a54d031dc13a7d07988c9 🧐

A patch diffing 🧵...

Here are the differences in the generated documentation:

https://gist.github.com/v-p-b/c148f7e41d922682e89e57feccedec24

Since it's #Ghidra release day I contributed my part to climate change and built the latest version a couple of times.

The latest generated docs are available as usual at:
https://scrapco.de/ghidra_docs/

(I haven't found more hidden gems about PyGhidra yet)

Pre-built release for ghidra-r2web is here:
https://github.com/radareorg/ghidra-r2web/releases/tag/ghidra-11.3

I'll probably give VSCode-based extension development a shot during the weekend. I'll let y'all know how it's going, but Eclipse shouldn't be hard to beat...

@gsuberland @RikerGoogling And that is how Kif gets pregnant!

Have tips? Story ideas? Something you think I should know about?

Reach me on Signal at KimZ.42

I cover cybersecurity and national security, writing about: nation-state hacking, espionage, cyber warfare, cybercrime, and policy. I don't write about companies - unless they've done something wrong.

I keep coming across all these "pseudocode" examples on Wikipedia and in academic papers, and what I don't understand is why the authors can't just learn a real programming language

U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report /by @kimzetter

https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/

The original "report" is here:
https://www.wyden.senate.gov/imo/media/doc/fy23_unclassified_vep_annual_reportpdf.pdf

#Ghidra 11.3 released - PyGhidra is live \o/

What's New:
https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.3_build/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md

Change History:
https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.3_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Project: microsoft/TypeScript https://github.com/microsoft/TypeScript
File: src/services/classifier2020.ts:127 https://github.com/microsoft/TypeScript/blob/cbac1ddfc73ca3b9d8741c1b51b74663a0f24695/src/services/classifier2020.ts#L127

function visit(node: Node)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier2020.ts%23L127&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier2020.ts%23L127&colors=light

Project: golang/go https://github.com/golang/go
File: src/cmd/internal/obj/ppc64/asm9.go:5134 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/internal/obj/ppc64/asm9.go#L5134

func (c *ctxt9) oploadx(a obj.As) uint32

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Finternal%2Fobj%2Fppc64%2Fasm9.go%23L5134&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Finternal%2Fobj%2Fppc64%2Fasm9.go%23L5134&colors=light

A message to my fellow Europeans.
Don't be paralysed by overseas fascism.
It is time for Europe and its citizens to focus less on the USA.
Stop obsessively following the news in a country where you cannot change anything.
Focus your attention on where you can make an impact.
All attention is needed here to fight growing fascism.

#EU #Europe #Fascism #StopFascism

Discover the little computer people https://en.wikipedia.org/wiki/Little_Computer_People

@ttyS1 Thunderbird + Radicale

9 hours later, we're at 51% 😂