/ #yolosec Mon, 15 Dec 2025 02:19:47 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 /2025/12/revisiting-purple-teaming-ad-with-bloodhound-ce-ad-miner/ Fri, 05 Dec 2025 01:07:35 +0000 /?p=7703 A few months ago, I published a blog post that involved managing Bloodhound CE with Docker Compose: Purple Teaming AD with BloodHound CE & AD-Miner Since then, BloodHound CE has seen some pretty significant improvements, including new tools to simplify container management. Because of this, I wanted to revisit this setup and put together an […]

The post Revisiting Purple Teaming AD with BloodHound CE & AD-Miner first appeared on RobWillis.info.]]> /2025/10/home-lab-office-2025/ Sat, 04 Oct 2025 23:10:14 +0000 /?p=7452 It’s been a while since I’ve made a video, and even longer since I’ve shown my home lab setup! I’ve been doing some cleaning and thinking about upgrades, so I figured now would be a good time to show where everything currently stands.

The post Home Lab (2025) first appeared on RobWillis.info.]]> /2025/09/windows-edr-telemetry-sensors/ Thu, 18 Sep 2025 11:57:32 +0000 /?p=7442 I recently read Evading EDR by Matt Hand. While not a lengthy book, it’s technically dense and packed with tons of valuable information about Windows and EDR internals. It’s a fantastic resource, and I highly recommend it: Evading EDR by Matt Hand To help solidify my understanding of the concepts and apply them in future […]

The post Windows EDR: Telemetry & Sensors – Mind Map first appeared on RobWillis.info.]]> /2025/05/ultimate-local-ai-setup-guide-ubuntu-ollama-open-webui/ Wed, 14 May 2025 16:30:07 +0000 /?p=6836 Intro & Background It seems safe to say that artificial intelligence (AI), particularly large language models (LLMs), are here to stay. As a cybersecurity professional, it has been pretty easy to find use cases for AI in my daily work, from general penetration testing and writing tools to forensics and reverse engineering. However, as with […]

The post Ultimate Local AI Setup Guide: Ubuntu, Ollama, & Open WebUI first appeared on RobWillis.info.]]> /2025/03/purple-teaming-ad-with-bloodhound-community-edition-ad-miner/ Wed, 12 Mar 2025 13:42:51 +0000 /?p=6147 BloodHound is one of those tools that everyone in the industry seems to have heard of and it tends to generate a buzz amongst engineers anytime it’s brought up. This reputation is well-deserved with it being such a game changer when it comes to attacking and auditing Active Directory domains. Every organization running Active Directory […]

The post Purple Teaming AD with BloodHound CE & AD-Miner first appeared on RobWillis.info.]]> /2022/11/analyzing-detecting-iis-backdoors/ Sat, 05 Nov 2022 08:00:12 +0000 /?p=5452 IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of information on this topic, but I really wanted to dig through the specifics in order […]

The post Analyzing & Detecting IIS Backdoors first appeared on RobWillis.info.]]> /2022/06/powershell-script-invoke-rpcmap/ Mon, 27 Jun 2022 02:13:00 +0000 /?p=5365 Invoke-RPCMap Invoke-RPCMap can be used to enumerate local and remote RPC services/ports via the RPC Endpoint Mapper service. This information can useful during an investigation where a connection to a remote port is known, but the service is running under a generic process like svchost.exe. This script will do the following: Create a local log […]

The post New Tool! Invoke-RPCMap: PowerShell Script for Remote RPC Service Enumeration first appeared on RobWillis.info.]]> /2021/04/powershell-script-quickly-find-the-largest-files/ Tue, 06 Apr 2021 07:05:37 +0000 /?p=5334 A few years ago I wrote a script to help find the largest files on a drive using PowerShell without the need to install any additional software. This script was extremely useful for quickly narrowing in on files that may be easy to remove in order to help free up disk space, particularly in situations […]

The post Revisiting & Revising An Old PowerShell Tool – Quickly Find The Largest Files first appeared on RobWillis.info.]]> /2021/02/vmware-vcenter-cve-2021-21972-scan-tool/ Sat, 27 Feb 2021 10:31:52 +0000 /?p=5318 In this post, I am releasing a PowerShell POC script that will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972. You can find the script, Invoke-CVE-2021-21972-Scan.ps1, on my github here: https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972 The script executes in the following order: Create a log file, default log name is […]

The post VMware vCenter CVE-2021-21972 Scanner first appeared on RobWillis.info.]]> /2020/01/disabling-powershell-v2-with-group-policy/ Mon, 20 Jan 2020 11:39:09 +0000 /?p=4855 In this post I am going to tackle something that I have been wanting to play around with for awhile, disabling PowerShell v2 at an enterprise scale. As a former systems engineer and now a security engineer, I have a love/hate relationship with PowerShell since it is amazingly useful but also incredibly dangerous in the […]

The post Disabling PowerShell v2 with Group Policy first appeared on RobWillis.info.]]>