Friday, January 27, 2012

VIEWSTATE Vulnerabilities


1. ViewState Overview
"View state is a method that the ASP.NET page framework uses to preserve page and control values between round trips. When the HTML markup for the page is rendered, the current state of the page and values that must be retained during postback are serialized into base64-encoded strings. This information is then put into the view state hidden field or fields."
MSDN

"What does ViewState do?
- Stores values per control by key name, like a Hashtable
- Tracks changes to a ViewState value's initial state
- Serializes and deserializes saved data into a hidden form field on the client
- Automatically restores ViewState data on postbacks"

From an article on the ViewState mechanisms by an ASP.NET developer

Monday, January 23, 2012

A Backdoor in the Next Generation Active Directory

At the beginning of last year, I raised the issue of post-exploitation in a Microsoft Active Directory domain. The approach put forward then mostly addressed the case of losing admin privileges rather than exploiting them. Additionally, regaining the privileges itself involved conspicuous events and visually evident manipulations in the directory. In other words, to regain admin privileges one had to become a member of the appropriate security group, such as Domain Admins.

It should be mentioned that administrators get very nervous when they suddenly realize there is someone else in the system. Some of them rush to address the security incident horse and foot, sometimes taking the most unpredictable steps ;))

Wednesday, December 14, 2011

How to Hack a Telecommunications Company and Stay Alive


Sergey Gordeychik, Technical Director of Positive Technologies, presented his research on the information security of telecommunications companies at the ZeroNights conference.

How is penetration testing performed for telecom networks? What dangers should be expected from subscribers? How can financial losses from hacker attacks be avoided?

See his 71-slide presentation How to Hack a Telecommunications Company and Stay Alive under the cut.

Friday, November 18, 2011

Positive Hack Days Forum





PHD 2011-2012 from Positive Technologies on Vimeo.


Registration for Positive Hack Days 2012 is open: http://phdays.com/registration.asp

Monday, November 14, 2011

PHD CTF Quals opens team registration for the information security contests

The coming December will see a qualification competition for PHD CTF, an international information security contest. The main contests will be held on May 30-31, 2012, in Moscow, Russia, as part of Positive Hack Days, an international forum on information security.

This year everyone can participate in the qualification competitions: either in CTF Quals or in CTF Afterparty. The competitions will test participants’ skills in information security assessment, vulnerability search and exploitation, reverse engineering and hacking in general. The contest conditions will be as close to real life as possible: vulnerabilities used for PHD CTF Quals and CTF Afterparty are not made up but taken from the “wild”.