Soroush Dalili (@irsdl) – سروش دلیلی | Web AppSec ninja, semicolon character enthusiast!

• https://soroush.secproject.com/blog/
• https://soroush.secproject.com/blog/my-advisories/
• https://soroush.secproject.com/blog/privacy-policy/
• https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/
• https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/#respond
• https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
• https://docs.microsoft.com/en-us/iis/get-started/planning-your-iis-architecture/understanding-sites-applications-and-virtual-directories-on-iis
• https://soroush.secproject.com/blog/2019/07/iis-application-vs-folder-detection-during-blackbox-testing/
• https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/
• https://www.nccgroup.trust/uk/our-research/use-of-deserialisation-in-.net-framework-methods-and-classes/
• https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/listed-alphabetically
• https://www.owasp.org/index.php/Unrestricted_File_Upload
• https://github.com/nccgroup/CrossSiteContentHijacking
• https://techcommunity.microsoft.com/t5/IIS-Support-Blog/How-to-prevent-web-config-files-to-be-overwritten-by-config/ba-p/297627
• https://weblogs.asp.net/jongalloway/10-things-asp-net-developers-should-know-about-web-config-inheritance-and-overrides
• https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ms228167(v=vs.100)
• https://referencesource.microsoft.com/#System.Web/IHttpHandler.cs,62c4e10ee7e6cd36,references
• https://referencesource.microsoft.com/#System.Web/IHttpHandlerFactory.cs,8437c9ce8bcd1bda,references
• https://referencesource.microsoft.com/#System.Web/IHttpHandlerFactory.cs,21cd2fd2bb57b501,references
• https://referencesource.microsoft.com/#System.Web/Configuration/CompilationSection.cs,904
• https://soroush.secproject.com/blog/category/securityposts/
• https://soroush.secproject.com/blog/tag/asp-net/
• https://soroush.secproject.com/blog/tag/bypass/
• https://soroush.secproject.com/blog/tag/deserialisation/
• https://soroush.secproject.com/blog/tag/deserialization/
• https://soroush.secproject.com/blog/tag/file-upload/
• https://soroush.secproject.com/blog/tag/file-upload-bypass/
• https://soroush.secproject.com/blog/tag/iis/
• https://soroush.secproject.com/blog/tag/rce/
• https://soroush.secproject.com/blog/tag/remote-code-execution/
• https://soroush.secproject.com/blog/tag/unrestricted-file-upload/
• https://soroush.secproject.com/blog/tag/web-config/
• https://soroush.secproject.com/blog/tag/xss-vulnerability/
• https://soroush.secproject.com/blog/author/soroush/
• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
• https://office.live.com/start/profile_json_appservice.axd/jsdebug
• https://office.live.com/stat/profile_json_appservice.axd/jsdebug
• https://referencesource.microsoft.com/#system.web.extensions/Script/Services/WebServiceData.cs
• https://soroush.secproject.com/blog/tag/appservice-axd/
• https://soroush.secproject.com/blog/tag/blackbox/
• https://soroush.secproject.com/blog/tag/json/
• https://soroush.secproject.com/blog/tag/tip/
• https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
• https://docs.microsoft.com/en-us/dotnet/api/system.web.httpruntime.appdomainappvirtualpath
• https://docs.microsoft.com/en-us/dotnet/api/system.web.httpruntime.appdomainappid
• https://gist.github.com/irsdl/36e78f62b98f879ba36f72ce4fda73ab
• https://gyorgybalassy.wordpress.com/2013/12/07/how-unique-is-your-machine-key/
• http:// https://devblogs.microsoft.com/aspnet/cryptographic-improvements-in-asp-net-4-5-pt-1/
• https://soroush.secproject.com/blog/tag/autogenerate/
• https://soroush.secproject.com/blog/tag/backdoor/
• https://soroush.secproject.com/blog/tag/machine-config/
• https://soroush.secproject.com/blog/tag/machinekey/
• https://soroush.secproject.com/blog/tag/red-team/
• https://soroush.secproject.com/blog/tag/viewstate/
• https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/
• https://github.com/nccgroup/BurpSuiteHTTPSmuggler/
• https://github.com/Microsoft/referencesource/blob/3b1eaf5203992df69de44c783a3eda37d3d4cd10/System/net/System/Net/HttpListenerRequest.cs#L362
• https://github.com/Microsoft/referencesource/blob/08b84d13e81cfdbd769a557b368539aac6a9cb30/System.Web/HttpRequest.cs#L905
• https://twitter.com/ChrFolini
• https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1392
• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/
• https://www.slideshare.net/SoroushDalili/waf-bypass-techniques-using-http-standard-and-web-servers-behaviour
• https://soroush.secproject.com/blog/2018/08/waf-bypass-techniques-using-http-standard-and-web-servers-behaviour/
• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/rare-aspnet-request-validation-bypass-using-request-encoding/
• https://soroush.secproject.com/blog/tag/request-encoding/
• https://soroush.secproject.com/blog/tag/waf/
• https://soroush.secproject.com/blog/tag/waf-bypass/
• https://soroush.secproject.com/blog/tag/x-up-devcap-post-charset/
• https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.losformatter
• https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.objectstateformatter
• https://devblogs.microsoft.com/aspnet/farewell-enableviewstatemac/
• https://www.owasp.org/index.php/Anti_CSRF_Tokens_ASP.NET
• https://docs.microsoft.com/en-us/previous-versions/aspnet/hh975440(v=vs.120)
• https://github.com/Microsoft/referencesource/blob/master/System.Web/Util/AppSettings.cs#L59
• https://github.com/Microsoft/referencesource/blob/master/System.Web/UI/Page.cs#L4034
• https://www.troyhunt.com/understanding-and-testing-for-view/
• https://portswigger.net/kb/issues/00400600_asp-net-viewstate-without-mac-enabled
• https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/viewstate-mac-disabled/
• https://www.acunetix.com/vulnerabilities/web/view-state-mac-disabled/
• https://github.com/pwntester/ysoserial.net/
• https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.machinekeysection
• https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.machinekeysection.compatibilitymode
• https://docs.microsoft.com/en-us/dotnet/api/system.web.ui.control.templatesourcedirectory
• https://docs.microsoft.com/en-us/previous-versions/dotnet/articles/ms972969(v=msdn.10)
• https://software-security.sans.org/developer-how-to/developer-guide-csrf
• https://github.com/pwntester/ysoserial.net/tree/master/ysoserial/Plugins/ViewStatePlugin.cs
• https://github.com/pwntester/ysoserial.net/tree/v2/ysoserial/Plugins/ViewStatePlugin.cs
• https://github.com/nccgroup/VulnerableDotNetHTTPRemoting/tree/master/ysoserial.net-v2
• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/march/finding-and-exploiting-.net-remoting-over-http-using-deserialisation/
• https://www.slideshare.net/ASF-WS/asfws-2014-slides-why-net-needs-macs-and-other-serialization-talesv20
• https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_Slides.pdf
• https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2905247
• https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
• https://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization
• https://speakerdeck.com/pwntester/dot-net-serialization-detecting-and-defending-vulnerable-endpoints?slide=54
• https://vimeopro.com/user18478112/canvas/video/260982761
• https://github.com/0xACB/viewgen
• https://github.com/Illuminopi/RCEvil.NET
• https://web.archive.org/web/20190803165724/https://pwnies.com/nominations/
• https://docs.microsoft.com/en-us/previous-versions/aspnet/hh975440(v=vs.120)
• https://github.com/Microsoft/referencesource/blob/master/System.Web/UI/Page.cs#L4034
• https://www.troyhunt.com/understanding-and-testing-for-view/
• https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
• https://soroush.secproject.com/blog/page/2/
• https://twitter.com/irsdl
• https://www.linkedin.com/in/sdalili/
• https://github.com/irsdl
• https://soroush.secproject.com/blog/2019/04/yet-other-examples-of-abusing-csrf-in-logout/
• https://soroush.secproject.com/blog/2019/04/how-to-win-big-and-even-more/
• https://soroush.secproject.com/blog/2019/03/finding-and-exploiting-net-remoting-over-http-using-deserialisation/
• https://soroush.secproject.com/blog/2018/12/more-research-on-net-deserialization/
• https://soroush.secproject.com/blog/2018/12/feel-honoured-to-be-there-again-after-8-years-top-10-web-hacking-techniques-of-2017/
• https://soroush.secproject.com/blog/2018/12/story-of-two-published-rces-in-sharepoint-workflows/
• https://soroush.secproject.com/blog/2018/08/asp-net-resource-files-resx-and-deserialization-issues/
• https://soroush.secproject.com/blog/2018/08/ms-2018-q4-top-5-bounty-hunter-for-2-rces-in-sharepoint-online/
• https://soroush.secproject.com/blog/2018/08/smb-hash-hijacking-user-tracking-in-ms-outlook/
• https://soroush.secproject.com/blog/2019/08/
• https://soroush.secproject.com/blog/2019/07/
• https://soroush.secproject.com/blog/2019/05/
• https://soroush.secproject.com/blog/2019/04/
• https://soroush.secproject.com/blog/2019/03/
• https://soroush.secproject.com/blog/2018/12/
• https://soroush.secproject.com/blog/2018/08/
• https://soroush.secproject.com/blog/2018/02/
• https://soroush.secproject.com/blog/2017/09/
• https://soroush.secproject.com/blog/2017/08/
• https://soroush.secproject.com/blog/2017/05/
• https://soroush.secproject.com/blog/2016/10/
• https://soroush.secproject.com/blog/2015/06/
• https://soroush.secproject.com/blog/2015/03/
• https://soroush.secproject.com/blog/2015/02/
• https://soroush.secproject.com/blog/2014/08/
• https://soroush.secproject.com/blog/2014/07/
• https://soroush.secproject.com/blog/2014/05/
• https://soroush.secproject.com/blog/2014/04/
• https://soroush.secproject.com/blog/2014/01/
• https://soroush.secproject.com/blog/2013/10/
• https://soroush.secproject.com/blog/2013/09/
• https://soroush.secproject.com/blog/2013/04/
• https://soroush.secproject.com/blog/2013/03/
• https://soroush.secproject.com/blog/2012/11/
• https://soroush.secproject.com/blog/2012/10/
• https://soroush.secproject.com/blog/2012/08/
• https://soroush.secproject.com/blog/2012/06/
• https://soroush.secproject.com/blog/2012/04/
• https://soroush.secproject.com/blog/2011/12/
• https://soroush.secproject.com/blog/2011/05/
• https://soroush.secproject.com/blog/2011/03/
• https://soroush.secproject.com/blog/2011/01/
• https://soroush.secproject.com/blog/2010/12/
• https://soroush.secproject.com/blog/2010/09/
• https://soroush.secproject.com/blog/2010/08/
• https://soroush.secproject.com/blog/2010/07/
• https://soroush.secproject.com/blog/2010/06/
• https://soroush.secproject.com/blog/2010/05/
• https://soroush.secproject.com/blog/2010/03/
• https://soroush.secproject.com/blog/2010/01/
• https://soroush.secproject.com/blog/2009/12/
• https://soroush.secproject.com/blog/2009/11/
• https://soroush.secproject.com/blog/2009/08/
• https://soroush.secproject.com/blog/2009/02/
• https://soroush.secproject.com/blog/2009/01/
• https://soroush.secproject.com/blog/2008/12/
• https://soroush.secproject.com/blog/tag/anti-xss-bypass/
• https://soroush.secproject.com/blog/tag/antixss-bypass/
• https://soroush.secproject.com/blog/tag/bug-bounty/
• https://soroush.secproject.com/blog/tag/challenge/
• https://soroush.secproject.com/blog/tag/computer-science-vulnerabilities/
• https://soroush.secproject.com/blog/tag/critical-vulnerabilities/
• https://soroush.secproject.com/blog/tag/csrf/
• https://soroush.secproject.com/blog/tag/csrf-attacks/
• https://soroush.secproject.com/blog/tag/externalinterface/
• https://soroush.secproject.com/blog/tag/externalinterface-call/
• https://soroush.secproject.com/blog/tag/facebook-mobwars-cheat/
• https://soroush.secproject.com/blog/tag/file-uploader-bypass-methods/
• https://soroush.secproject.com/blog/tag/file-uploader-security-bypass/
• https://soroush.secproject.com/blog/tag/flash/
• https://soroush.secproject.com/blog/tag/flash-xss/
• https://soroush.secproject.com/blog/tag/hacking-videos/
• https://soroush.secproject.com/blog/tag/iis-file-extension-security-bypass/
• https://soroush.secproject.com/blog/tag/iis-tilde-bug/
• https://soroush.secproject.com/blog/tag/iis-tilde-feature/
• https://soroush.secproject.com/blog/tag/iis-tilde-vulnerability/
• https://soroush.secproject.com/blog/tag/javascript/
• https://soroush.secproject.com/blog/tag/logical-flaw/
• https://soroush.secproject.com/blog/tag/microsoft-iis-vulnerability/
• https://soroush.secproject.com/blog/tag/penetration-testing/
• https://soroush.secproject.com/blog/tag/privacy/
• https://soroush.secproject.com/blog/tag/travian-game/
• https://soroush.secproject.com/blog/tag/travian-hack/
• https://soroush.secproject.com/blog/tag/travian-online-game/
• https://soroush.secproject.com/blog/tag/unrestricted-file-download/
• https://soroush.secproject.com/blog/tag/website-vulnerability/
• https://soroush.secproject.com/blog/tag/xsrf/
• https://soroush.secproject.com/blog/tag/xss/
• https://www.reddit.com/r/netsec/.rss
• https://www.reddit.com/r/netsec/
• https://www.reddit.com/r/netsec/comments/ctnb38/learn_how_to_use_and_scale_osquery_to_detect/
• https://www.reddit.com/r/netsec/comments/ctloyw/researcher_banned_from_valves_bug_bounty_program/
• https://www.reddit.com/r/netsec/comments/ctj1ji/attack_with_jupyter/
• https://www.reddit.com/r/netsec/comments/cthm85/privilege_escalation_attacks_on_windows/
• https://www.reddit.com/r/netsec/comments/ctfkoc/xslt_injection_basics_with_saxon_ektron_cms_rce/
• http://www.securityfocus.com/rss/vulnerabilities.xml
• http://www.securityfocus.com/
• http://www.securityfocus.com/bid/109320
• http://www.securityfocus.com/bid/109383
• http://www.securityfocus.com/bid/109374
• http://www.securityfocus.com/bid/98412
• http://www.securityfocus.com/archive/1/542212
• https://www.exploit-db.com/rss.xml
• https://www.exploit-db.com/
• https://www.exploit-db.com/exploits/47297
• https://www.exploit-db.com/exploits/47298
• https://www.exploit-db.com/exploits/47295
• https://www.exploit-db.com/exploits/47285
• https://www.exploit-db.com/exploits/47286
• https://wordpress.org/