Category Archives: Uncategorized

Token Kidnapping (revisited)

It’s been a while since I linked to Cesar Cerrudo’s slide deck about token kidnapping. Now there is also a POC available (with samples of how to use it from SQL Server and IIS). There is also some movement at MS … Continue reading

Posted in Uncategorized | Leave a comment

How to build a Development/Test/Demo CA

I often need X509 certificates – but I never really became friendly with makecert. So I ended up running Windows Certificate Services, which proved to be an easy-to-use, robust solution. You can have one at home or carry … Continue reading

Most important bug fix in 3.5 SP1

BradA says: “We have brought managed executables in line with native code executables in how they behave when run off a network share. Yea!” VanceN says: “Hurray, it’s finally fixed! managed code ‘just works’ from network file share!” Grats for … Continue reading

CLR Security Site on Codeplex

The CLR security team has a site now on Codeplex – Shawn has all the details here. Good stuff!

Re:MVP

Quoting Brian: “Microsoft has decided I didn’t cause too much trouble over the last 12 months so I get to continue being a {0} MVP. Thanks!”, “Developer Security”

PowerShell Profile

Putting these three things (and a little bit of this) together – you can build a very nice profile script for PowerShell ;)

Advanced Extensions to IIS 7 Configuration

Great article about IIS 7 configuration extensibility: http://learn.iis.net/page.aspx/241/configuration-extensibility/ Information about the COM-backed extensions in particular is hard to find elsewhere…

Writing IIS 7 Manager Extensions

Good walkthrough here: http://learn.iis.net/page.aspx/441/understanding-ui-extension-authoring/

SQL Server Security Best Practices

Bob wrote me an email as a response to this post. He also directed me to this whitepaper he wrote about SQL Server Security. Interesting read!

System Accounts and SQL Server 2005

I recently ran into a strange situation – I was expecting an “access denied” but it didn’t happen (yes – security guys are strange people ;). Here’s the long story: I was writing some test code for LINQ to SQL … Continue reading
