Analyzing & Detecting IIS Backdoors

Posted on November 5, 2022 by robwillisinfo

IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of Continue reading →

Defending Against PowerShell Attacks

Posted on February 21, 2021 by robwillisinfo

It’s no secret that I am a big fan of PowerShell and recently I have been spending a considerable amount of time researching and testing it from a security perspective. While there is a lot of solid information out there, Continue reading →

Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)

Posted on May 6, 2019 by robwillisinfo

In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the Continue reading →

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

Posted on May 6, 2019 by robwillisinfo

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at Continue reading →

Home Lab Cooling Upgrade!

Posted on October 28, 2018 by robwillisinfo

In this video I show off my latest project – Upgrading the cooling system on my home lab in hopes of making it a little more efficient while quieting things down a bit. The original setup consisted of the following: Continue reading →

My Journey Into The OSCP

Posted on July 13, 2018 by robwillisinfo

Intro This post is going to break away from my typical technical how-to style posts, and talk a little bit about something that has been a personal goal of mine for some time – The Offensive Security Certified Professional. When Continue reading →

Home Lab Setup (2017)

Posted on February 4, 2018 by robwillisinfo

In this post and video I give a quick run down of my Home Lab – everything from the rack itself, to the hardware and the basics of what everything is being used for. I started this project towards the Continue reading →

ELK Stack – Installing and Configuring Curator

Posted on November 16, 2017 by robwillisinfo

In this post I am going to quickly cover what is needed to get Curator up and running on the ELK stack. In the last few posts about the ELK stack I covered everything needed to get it installed, configured Continue reading →

ELK Stack – Tips, Tricks and Troubleshooting

Posted on November 9, 2017 by robwillisinfo

This post is going to be a sort of a follow up to my ELK 5 on Ubuntu 16.04 series. I am going to cover some of the lessons I have learned over the last few months of maintaining a Continue reading →

ELK 5: Setting up a Grok filter for IIS Logs

Posted on May 11, 2017 by robwillisinfo

In Pt. 3 of my setting up ELK 5 on Ubuntu 16.04 series, I showed how easy it was to ship IIS logs from a Windows Server 2012 R2 using Filebeat. One thing you may have noticed with that configuration Continue reading →

RobWillis.info

everything tech.

Tag Archives: security