Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

0% Positive

Analyzed from 214 words in the discussion.

Trending Topics

#keys#warning#machine#safe#windows#view#state#autogen#website#browsing

Discussion (4 Comments)Read Original on HackerNews

random3about 2 hours ago
All I'm seeing when opening this is a big red warning

> Deceptive Website Warning > This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit

ryanisnanabout 2 hours ago
Same, Firefox. Curious.
alwaabout 2 hours ago
I'm not inclined to click through the Google Safe Browsing warning, but should one trust an archive to strip active content:

https://archive.ph/gQcRU

Appears to be a forensic walkthrough, working backward to calculate a decryption key to read application logs, working from a disk image of a Windows/IIS machine suspected to be malware-affected.

It includes the output of a run of a utility the author built to help. Which, I mean... I can see why Safe Browsing might get grumpy from the content alone; I'm also in no position to assess whether there's actual sneaky stuff going on too.

Excerpt:

Published: 23/01/2026

I recently had someone reach out to me with an interesting problem. They had found a 1316 event in their Windows application logs that contained a likely malicious view state. There was just one catch, it was encrypted. [...] They were able to dump the autogen keys from the Windows registry, however they didn’t know how to use these to decrypt their view state.

[...]

In this post, I’ll be covering:

* How the autogen keys are generated

* How the master machine keys are derived from the autogen keys

* How the final machine keys are derived from the master machine keys

* How the final keys can be used to decrypt view state messages

Alifatiskabout 1 hour ago
This site seems safe, I don't know why there is a warning.