The Risks of Publicly Disclosed ASP.NET Machine Keys in Code Injection Attacks

Summary Cyble Research Intelligence Lab (CRIL) came across insights provided by Microsoft regarding a ViewState code injection attack observed in December 2024. A threat actor used a publicly available ASP.NET machine key to inject malicious code and...