Analyzing & Detecting IIS Backdoors

Posted on November 5, 2022 by robwillisinfo

IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of Continue reading →

Defending Against PowerShell Attacks

Posted on February 21, 2021 by robwillisinfo

It’s no secret that I am a big fan of PowerShell and recently I have been spending a considerable amount of time researching and testing it from a security perspective. While there is a lot of solid information out there, Continue reading →

Disabling PowerShell v2 with Group Policy

Posted on January 20, 2020 by robwillisinfo

In this post I am going to tackle something that I have been wanting to play around with for awhile, disabling PowerShell v2 at an enterprise scale. As a former systems engineer and now a security engineer, I have a Continue reading →

Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)

Posted on May 6, 2019 by robwillisinfo

In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the Continue reading →

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

Posted on May 6, 2019 by robwillisinfo

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at Continue reading →

Manually Updating the Firmwares on a Dell PowerEdge R610

Posted on December 23, 2018 by robwillisinfo

Updating firmwares yet again… Shortly after the last time I posted on updating firmwares on Dell PowerEdge R610, I found out that Dell dropped support for all 11G servers from the SUU package along with the Lifecycle controller packages which Continue reading →

Home Lab Cooling Upgrade!

Posted on October 28, 2018 by robwillisinfo

In this video I show off my latest project – Upgrading the cooling system on my home lab in hopes of making it a little more efficient while quieting things down a bit. The original setup consisted of the following: Continue reading →

Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection

Posted on August 31, 2018 by robwillisinfo

Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a Continue reading →

Installing VMware ESXi on an Internal USB?!

Posted on February 13, 2018 by robwillisinfo

One of the things I get the most questions about with my VMware ESXi posts/videos is about installing ESXi onto USB drives and booting it from there, and that question is usually followed by the concern of someone accidentally or Continue reading →

Dell PowerEdge R610 Review – Virtualization On The Cheap

Posted on February 12, 2018 by robwillisinfo

One of the things I always find myself telling anyone wanting to build out a home lab, is that it does not have to be expensive. The Dell PowerEdge R610 is a prime example of this and in this case Continue reading →

RobWillis.info

everything tech.

Tag Archives: Windows