All I'm seeing when opening this is a big red warning
> Deceptive Website Warning
> This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit
Appears to be a forensic walkthrough, working backward to calculate a decryption key to read application logs, working from a disk image of a Windows/IIS machine suspected to be malware-affected.
It includes the output of a run of a utility the author built to help. Which, I mean... I can see why Safe Browsing might get grumpy from the content alone; I'm also in no position to assess whether there's actual sneaky stuff going on too.
Excerpt:
Published: 23/01/2026
I recently had someone reach out to me with an interesting problem. They had found a 1316 event in their Windows application logs that contained a likely malicious view state. There was just one catch, it was encrypted. [...] They were able to dump the autogen keys from the Windows registry, however they didn’t know how to use these to decrypt their view state.
[...]
In this post, I’ll be covering:
* How the autogen keys are generated
* How the master machine keys are derived from the autogen keys
* How the final machine keys are derived from the master machine keys
* How the final keys can be used to decrypt view state messages
All I'm seeing when opening this is a big red warning
> Deceptive Website Warning > This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit
Same, Firefox. Curious.
I'm not inclined to click through the Google Safe Browsing warning, but should one trust an archive to strip active content:
https://archive.ph/gQcRU
Appears to be a forensic walkthrough, working backward to calculate a decryption key to read application logs, working from a disk image of a Windows/IIS machine suspected to be malware-affected.
It includes the output of a run of a utility the author built to help. Which, I mean... I can see why Safe Browsing might get grumpy from the content alone; I'm also in no position to assess whether there's actual sneaky stuff going on too.
Excerpt:
Published: 23/01/2026
I recently had someone reach out to me with an interesting problem. They had found a 1316 event in their Windows application logs that contained a likely malicious view state. There was just one catch, it was encrypted. [...] They were able to dump the autogen keys from the Windows registry, however they didn’t know how to use these to decrypt their view state.
[...]
In this post, I’ll be covering:
* How the autogen keys are generated
* How the master machine keys are derived from the autogen keys
* How the final machine keys are derived from the master machine keys
* How the final keys can be used to decrypt view state messages
This site seems safe, I don't know why there is a warning.