RU version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
0% Positive
Analyzed from 214 words in the discussion.
Trending Topics
#keys#warning#machine#safe#windows#view#state#autogen#website#browsing

Discussion (4 Comments)Read Original on HackerNews
> Deceptive Website Warning > This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit
https://archive.ph/gQcRU
Appears to be a forensic walkthrough, working backward to calculate a decryption key to read application logs, working from a disk image of a Windows/IIS machine suspected to be malware-affected.
It includes the output of a run of a utility the author built to help. Which, I mean... I can see why Safe Browsing might get grumpy from the content alone; I'm also in no position to assess whether there's actual sneaky stuff going on too.
Excerpt:
Published: 23/01/2026
I recently had someone reach out to me with an interesting problem. They had found a 1316 event in their Windows application logs that contained a likely malicious view state. There was just one catch, it was encrypted. [...] They were able to dump the autogen keys from the Windows registry, however they didn’t know how to use these to decrypt their view state.
[...]
In this post, I’ll be covering:
* How the autogen keys are generated
* How the master machine keys are derived from the autogen keys
* How the final machine keys are derived from the master machine keys
* How the final keys can be used to decrypt view state messages