/ #yolosec Mon, 27 Jun 2022 03:52:35 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 /2020/01/disabling-powershell-v2-with-group-policy/ Mon, 20 Jan 2020 11:39:09 +0000 /?p=4855 In this post I am going to tackle something that I have been wanting to play around with for awhile, disabling PowerShell v2 at an enterprise scale. As a former systems engineer and now a security engineer, I have a love/hate relationship with PowerShell since it is amazingly useful but also incredibly dangerous in the […]

The post Disabling PowerShell v2 with Group Policy first appeared on RobWillis.info.]]> /2019/05/gathering-windows-powershell-and-sysmon-events-with-winlogbeat-elk-7-windows-server-2016/ Tue, 07 May 2019 02:43:19 +0000 /?p=4162 In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the ELK server into ELK Installing and configuring Curator as a scheduled task (optional) Now, in […]

The post Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II) first appeared on RobWillis.info.]]> /2019/05/installing-elk-7-elasticsearch-logstash-and-kibana-windows-server-2016/ Tue, 07 May 2019 02:42:55 +0000 /?p=4058 I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at scale. There’s also the fact that unlike Splunk, the Elastic software is free to use […]

The post Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I) first appeared on RobWillis.info.]]>