Monthly Archives: December 2004

EventMonitor 2

EvenMonitor2 logs Windows Event Logs in realtime and can forward the Event entries to the following destinations: Console File SOAP Endpoint File output is XML. There are several sample XSLT stylesheets included to transform the output to HTML. New in … Continue reading

Posted in Uncategorized | Leave a comment

Windows Auditing Blog

That’s what i love about blogging – everybody finds his niche. A blog dedicated to Windows Auditing. Only 3 posts so far – hey eric, keep ‘em coming, we love this topic!  

Posted in Uncategorized | Leave a comment

Using LogParser from C#

UPDATEthanks for the comments. i bug fixed and added the suggestions to the code. Weeks ago i promised to post my ASP.NET frontend for the LogParser tool, but I haven’t had the time to hunt down some bugs and finalize it. … Continue reading

Posted in Uncategorized | Leave a comment

XPath Injection

Another injection attack. As querying XML with XPath gets more widely adopted (e.g. the XML DataSource in .NET 2.0) this could become a serious problem. Just follow the best practices to mitigate all the other injection attacks (that is sanitize user … Continue reading

Posted in Uncategorized | Leave a comment

Troubleshooting Kerberos Delegation

A very detailed paper about configuring and troubleshooting kerberos delegation is available on Technet. recommended. UPDATEThis page is part of the ‘Kerberos Authentication Technology Center’ which in turn is part of the ‘Security Services in Windows 2003′. Wow. Lots of good … Continue reading

Posted in Uncategorized | Leave a comment

Blind Folded SQL Injection and SQL Server 2005

UPDATEI double checked that with my favourite database guru bob beauchemin – looks good ;) Everybody knows SQL Injection. What still amazes most of the people at demos is a technique called “Blind Folded SQL Injection” (read more). With BFSI you start … Continue reading

Posted in Uncategorized | Leave a comment

Get WSE WSDL

I recently did some work with WSE2 XML Messaging and KerberosToken. There were times where i just quickly needed the auto-generated WSDL of my SoapService (same as WSE2WSDL but without creating the proxy class)…this code was my friend: using System;using Microsoft.Web.Services2;using … Continue reading

Posted in Uncategorized | Leave a comment

Protected Configuration

fredrik normen wrote a good summary of the new protected configuration feature in whidbey (plus some other interesting posts around asp.net 2.0)  

Posted in Uncategorized | Leave a comment

Ctrl-F5 is back!

what bugged me since the first version of VS2005 i installed on my laptop (i think it’s plain beta 1 and i did not follow all this CTP madness), is the removal of the “hit any key to close window” … Continue reading

Posted in Uncategorized | Leave a comment

Information Disclosure

Information Disclosure is the ‘I’ threat in the STRIDE Threat Model. Info Disclosure basically means that you give a user (and an attacker) more information about your system and infrastructure than needed. One of the oldest anti Info Disclosure measures … Continue reading

Posted in Uncategorized | Leave a comment