{"id":1908,"date":"2025-02-12T13:41:28","date_gmt":"2025-02-12T13:41:28","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1908"},"modified":"2025-02-12T13:41:28","modified_gmt":"2025-02-12T13:41:28","slug":"dont-use-public-asp-net-keys-duh-microsoft-warns","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1908","title":{"rendered":"Don\u2019t use public ASP.NET keys (duh), Microsoft warns"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Microsoft Threat Intelligence in December observed a \u201cthreat actor\u201d using a publicly available ASP.NET machine key to inject malicious code and fetch the\u00a0<a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/november-2024%E2%80%93godzilla-webshell-analyst-note.pdf\">Godzilla<\/a>\u00a0post-exploitation framework, a \u201cbackdoor\u201d web shell used by intruders to execute commands and manipulate files. The company then identified more than 3,000 publicly disclosed ASP.NET machine keys\u2014i.e., keys that were disclosed in code documentation and repositories\u2014that could be used in these types of attacks, called ViewState code injection attacks.<\/p>\n<p><a href=\"https:\/\/www.infoworld.com\/article\/3822367\/dont-use-public-asp-net-keys-duh-microsoft-warns.html\">Continue reading on InfoWorld<br \/><\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft Threat Intelligence in December observed a \u201cthreat actor\u201d using a publicly available ASP.NET machine key to inject malicious code and fetch the\u00a0Godzilla\u00a0post-exploitation framework, a \u201cbackdoor\u201d web shell used by intruders to execute commands and manipulate files. The company then identified more than 3,000 publicly disclosed ASP.NET machine keys\u2014i.e., keys that were disclosed in code [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1908"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1908"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1908\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1909"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}