Analyzing & Detecting IIS Backdoors

Posted on November 5, 2022 by robwillisinfo

IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of Continue reading →

PowerShell Script – Invoke-RPCMap

Posted on June 26, 2022 by robwillisinfo

Invoke-RPCMap Invoke-RPCMap can be used to enumerate local and remote RPC services/ports via the RPC Endpoint Mapper service. This information can useful during an investigation where a connection to a remote port is known, but the service is running under Continue reading →

PowerShell Script – Quickly Find The Largest Files

Posted on April 6, 2021 by robwillisinfo

A few years ago I wrote a script to help find the largest files on a drive using PowerShell without the need to install any additional software. This script was extremely useful for quickly narrowing in on files that may Continue reading →

PowerShell Script – VMware vCenter CVE-2021-21972 Scan Tool

Posted on February 27, 2021 by robwillisinfo

In this post, I am releasing a PowerShell POC script that will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972. You can find the script, Invoke-CVE-2021-21972-Scan.ps1, on my github here: https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972 Continue reading →

Invoke-Decoder – A PowerShell script to decode/deobfuscate malware samples

Posted on August 1, 2020 by robwillisinfo

I have been spending a lot of time reviewing PowerShell based attacks and malware over the last few months and I wanted to take some time to really understand how some of the common obfuscation techniques really work under the Continue reading →

Everything You Need To Know To Get Started Logging PowerShell

Posted on October 6, 2019 by robwillisinfo

Intro Recently, I have been spending a lot of time researching and working with PowerShell logging. Since PowerShell is readily available (built-in to the OS) and has an assortment of functionality that can be used across the entire kill chain Continue reading →

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

Posted on May 6, 2019 by robwillisinfo

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at Continue reading →

PowerShell Script – Set-PowerCfg

Posted on August 14, 2018 by robwillisinfo

Set-PowerCfg is a simple script that can be used to easily set or check the current power scheme being applied on a Windows host, these are the same settings found in Control Panel > Power Options. This is particularly useful Continue reading →

My Journey Into The OSCP

Posted on July 13, 2018 by robwillisinfo

Intro This post is going to break away from my typical technical how-to style posts, and talk a little bit about something that has been a personal goal of mine for some time – The Offensive Security Certified Professional. When Continue reading →

PowerEdge R610 – Updating Firmwares When the LifeCycle Controller Fails

Posted on March 12, 2018 by robwillisinfo

Why You Should Always Update Firmwares! Security patches, new features and bug fixes – These are all very good reasons to ensure firmwares are up to date before moving your new servers into production. Things like the BIOS, RAID Controller, Continue reading →

RobWillis.info

everything tech.

Category Archives: Tools