Showing posts with label .net. Show all posts

Friday, November 30, 2012

ASPY.a - Malware Source Identified as Blackhat Control Panel Developer

I've spotted a trojan/shell exploit that targets ASP.NET, named ASPY.a, making the rounds again recently. By no means a 0-day or brand-new bit of malware, ASPY.a has been around for about 2 years. It takes advantage of vulnerable ASP scripts, uploads itself to a web server and, on unpatched systems that lack sensible permissions policies and the latest updates, can grant remote attackers administrator access. Microsoft Security Essentials will catch it; however, I've seen at least one version of Symantec that does not completely remove compromised files. With Symantec, server-level compromise was prevented, but the website itself remained controllable.

So why am I writing a post about a 2-year-old piece of malware? The story here is that the circulation appears to be driven by a developer based in Russia that sells "server control panel" (панель управления сервером, управление) software for novices tasked with IIS-based website management. The name of the company is ISPserver; the software is named ISPmanager (I would stay far away from their website). If you are seeing HTML and asp/cs files with lines saying "Created by ISP manager 151515", it's time to strip permissions from those files and run an antivirus.
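
A report-only sweep for the marker line described above, as an added example that is not part of the original post: it lists files under a web root that contain "Created by ISP manager 151515", with a hash, the last-write time and the identities still allowed to write to each file. The function name, the .htm and .aspx extensions and the demo folder are assumptions; it needs PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example, not from the original post. Report-only: it changes nothing on disk
# apart from creating and deleting its own demo folder.
$Marker     = 'Created by ISP manager 151515'          # marker line quoted in the post
$Extensions = '.html', '.htm', '.asp', '.aspx', '.cs'  # .htm and .aspx are assumptions

function Find-MarkedFile {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Literal, case-insensitive match; -List stops at the first hit in each file.
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        Select-String -SimpleMatch -Pattern $Marker -List |
        ForEach-Object {
            $hit  = $_
            $file = Get-Item -LiteralPath $hit.Path
            # Identities that may still modify the file; review these before
            # tightening permissions as the post advises.
            $writers = (Get-Acl -LiteralPath $hit.Path).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write)
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Path         = $hit.Path
                Line         = $hit.LineNumber
                LastWriteUtc = $file.LastWriteTimeUtc
                Sha256       = (Get-FileHash -LiteralPath $hit.Path -Algorithm SHA256).Hash
                CanWrite     = $writers -join '; '
            }
        }
}

# Constructed sample web root so the example runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("webroot-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $demo 'app') | Out-Null
Set-Content (Join-Path $demo 'index.html')   "<html>`n<!-- Created by ISP manager 151515 -->`n</html>"
Set-Content (Join-Path $demo 'app\page.asp') '<% Response.Write("clean file") %>'
Set-Content (Join-Path $demo 'notes.txt')    'Created by ISP manager 151515'   # skipped: extension

Find-MarkedFile -Root $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

Point -Root at the site's physical path in place of the demo folder, and keep the hashes and timestamps with the incident notes before any cleanup changes the files.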

Saturday, November 17, 2012

Decrypting Data That Has Been Encrypted by ASP.NET

A colleague of mine let me know about an easy way to use .NET's decryption mechanism from the command line. From the directory of the framework version, issue the following command (replace filename and path where appropriate):

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -pdf "filename" D:\path\
Encrypting configuration section...


Thursday, June 14, 2012


Memory Utilization and .NET Applications

When thinking about launching a .NET application with IIS, memory tuning the webserver is often ignored. I often complained about how php.ini offered more straightforward means to address performance tuning - but I was wrong.

Windows Server reserves half of its available RAM for the operating system. Of the remaining RAM, by default IIS will only allow 60% to be allocated to applications (in v1.0 I think it was actually 40%, in later versions it's more generous). This setting is configurable, and can be set in your machine.config of the relevant framework path (%system%Microsoft.NET\Framework\) by adjusting the memoryLimit parameter. I recommend not reserving more than 80%.

There is a ton to do here, and more than I can address in one post. Benchmarking these settings in development is a necessity, so do the needful and check out this overview here:

Tuesday, May 8, 2012

.NET Debugging Tutorials

Do you know who Tess Ferrandez is? If not, you are missing out on the author of what I consider the most lucid series of articles on the topic of debugging .NET. Check out her series of demos on how to fixxit all things .NET. The most useful post I have seen so far is her piece on how to capture dumps of 32-bit processes within 64-bit systems (without needing to DL procdump). +1 nerd points to Ms Ferrandez for making my job of learning all things Windows a bit less painful.

RAT Bastard

Earlier this week, several servers I maintain were targeted by automated attempts to upload a remote access trojan (RAT). The RAT is a simpl...