ioc[.]one - OSINT Cyber Threat Intelligence Database

Decrypting ASP.NET Identity cookies

Tags

attack-pattern:

Python - T1059.006 Tool - T1588.002 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	9375160a-ff16-41a3-8cc3-e8a5d669aefc
Fingerprint	e6d3d530b88e5b96
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 11, 2014, 2:02 p.m.
Added to db	Jan. 18, 2023, 9:59 p.m.
Last updated	Nov. 18, 2024, 9:29 a.m.
Headline	My debug notes
Title	Decrypting ASP.NET Identity cookies
Detected Hints/Tags/Attributes	17/1/16

Source URLs

	Redirection	Url
Details	Source	https://lowleveldesign.org/2014/11/11/decrypting-asp-net-identity-cookies/

URL Provider

Details	Provider	Source level domain
Details	lowleveldesign.org	lowleveldesign.org

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	398		asp.net
Details	Domain	1		microsoft.owin.security
Details	Domain	1		aspnetcrypto.py
Details	Domain	33		schemas.xmlsoap.org
Details	Domain	73		schemas.microsoft.com
Details	File	17		base64.url
Details	File	1		args.asp
Details	File	3		gzip.gzip
Details	File	70		web.config
Details	File	1		aspnetcrypto.py
Details	File	32		schemas.xml
Details	sha256	1		22d14047d53135334cb08d4b4d7da1dcfccd0eae9e66fea0b8dfdcdca085a683
Details	sha256	1		c2aec26d010bb4224ab2189184cca3c1b43ae9688026ae4a2f851fbf5521c73f
Details	sha256	1		be5cf08f3d2e21db3601e280503bf78e4ebd02d49245dcb37057dd1369a5172b
Details	Url	2		http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Details	Url	1		http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider►asp.net