Tag: Windows
-
Analyzing & Detecting IIS Backdoors
IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of information on this topic, but I really wanted to dig through the specifics in order…
Written by
-
Defending Against PowerShell Attacks
It’s no secret that I am a big fan of PowerShell and recently I have been spending a considerable amount of time researching and testing it from a security perspective. While there is a lot of solid information out there, I have found it can still be a challenge to really get a solid grasp…
Written by
-
Disabling PowerShell v2 with Group Policy
In this post I am going to tackle something that I have been wanting to play around with for awhile, disabling PowerShell v2 at an enterprise scale. As a former systems engineer and now a security engineer, I have a love/hate relationship with PowerShell since it is amazingly useful but also incredibly dangerous in the…
Written by
-
Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)
In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the ELK server into ELK Installing and configuring Curator as a scheduled task (optional) Now, in…
Written by
-
Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)
I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at scale. There’s also the fact that unlike Splunk, the Elastic software is free to use…
Written by
-
Manually Updating the Firmwares on a Dell PowerEdge R610
Updating firmwares yet again… Shortly after the last time I posted on updating firmwares on Dell PowerEdge R610, I found out that Dell dropped support for all 11G servers from the SUU package along with the Lifecycle controller packages which basically broke the entire method I posted. However all hope is not lost, and the…
Written by
-
Home Lab Cooling Upgrade!
In this video I show off my latest project – Upgrading the cooling system on my home lab in hopes of making it a little more efficient while quieting things down a bit. The original setup consisted of the following: 2 x 6″ Ducts with Fans 6″ Flexible Ducting Originally there was just a single…
Written by
-
Installing VMware ESXi on an Internal USB?!
One of the things I get the most questions about with my VMware ESXi posts/videos is about installing ESXi onto USB drives and booting it from there, and that question is usually followed by the concern of someone accidentally or even maliciously removing the drive from the chassis. In the case of the Dell PowerEdge…
Written by
-
Dell PowerEdge R610 Review – Virtualization On The Cheap
One of the things I always find myself telling anyone wanting to build out a home lab, is that it does not have to be expensive. The Dell PowerEdge R610 is a prime example of this and in this case I was able to pick up a matching pair of decently spec’d R610s that are…
Written by
-
Home Lab Setup (2017)
In this post and video I give a quick run down of my Home Lab – everything from the rack itself, to the hardware and the basics of what everything is being used for. I started this project towards the end of 2012 with a single Dell PowerEdge 2950 GII and was hoping to teach…
Written by
