Windows | RobWillis.info

Home Lab (2025)

robwillisinfo — Sat, 04 Oct 2025 23:10:14 +0000

It’s been a while since I’ve made a video, and even longer since I’ve shown my home lab setup! I’ve been doing some cleaning and thinking about upgrades, so I figured now would be a good time to show where everything currently stands.

The post Home Lab (2025) first appeared on RobWillis.info.

Windows EDR: Telemetry & Sensors – Mind Map

robwillisinfo — Thu, 18 Sep 2025 11:57:32 +0000

I recently read Evading EDR by Matt Hand. While not a lengthy book, it’s technically dense and packed with tons of valuable information about Windows and EDR internals. It’s a fantastic resource, and I highly recommend it: Evading EDR by Matt Hand To help solidify my understanding of the concepts and apply them in future […]

The post Windows EDR: Telemetry & Sensors – Mind Map first appeared on RobWillis.info.

Analyzing & Detecting IIS Backdoors

robwillisinfo — Sat, 05 Nov 2022 08:00:12 +0000

IIS Extensions As Backdoors Microsoft recently published an interesting blog explaining how they’ve noticed a new trend where attackers have been leveraging Internet Information Services (IIS) extensions to covertly backdoor Windows servers: https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/ The Microsoft post contains a wealth of information on this topic, but I really wanted to dig through the specifics in order […]

The post Analyzing & Detecting IIS Backdoors first appeared on RobWillis.info.

Defending Against PowerShell Attacks

robwillisinfo — Mon, 22 Feb 2021 04:07:54 +0000

It’s no secret that I am a big fan of PowerShell and recently I have been spending a considerable amount of time researching and testing it from a security perspective. While there is a lot of solid information out there, I have found it can still be a challenge to really get a solid grasp […]

The post Defending Against PowerShell Attacks first appeared on RobWillis.info.

Disabling PowerShell v2 with Group Policy

robwillisinfo — Mon, 20 Jan 2020 11:39:09 +0000

In this post I am going to tackle something that I have been wanting to play around with for awhile, disabling PowerShell v2 at an enterprise scale. As a former systems engineer and now a security engineer, I have a love/hate relationship with PowerShell since it is amazingly useful but also incredibly dangerous in the […]

The post Disabling PowerShell v2 with Group Policy first appeared on RobWillis.info.

Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)

robwillisinfo — Tue, 07 May 2019 02:43:19 +0000

In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the ELK server into ELK Installing and configuring Curator as a scheduled task (optional) Now, in […]

The post Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II) first appeared on RobWillis.info.

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

robwillisinfo — Tue, 07 May 2019 02:42:55 +0000

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at scale. There’s also the fact that unlike Splunk, the Elastic software is free to use […]

The post Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I) first appeared on RobWillis.info.

Manually Updating the Firmwares on a Dell PowerEdge R610

robwillisinfo — Mon, 24 Dec 2018 03:44:47 +0000

Updating firmwares yet again… Shortly after the last time I posted on updating firmwares on Dell PowerEdge R610, I found out that Dell dropped support for all 11G servers from the SUU package along with the Lifecycle controller packages which basically broke the entire method I posted. However all hope is not lost, and the […]

The post Manually Updating the Firmwares on a Dell PowerEdge R610 first appeared on RobWillis.info.

Home Lab Cooling Upgrade!

robwillisinfo — Mon, 29 Oct 2018 03:24:14 +0000

In this video I show off my latest project – Upgrading the cooling system on my home lab in hopes of making it a little more efficient while quieting things down a bit. The original setup consisted of the following: 2 x 6″ Ducts with Fans 6″ Flexible Ducting Originally there was just a single […]

The post Home Lab Cooling Upgrade! first appeared on RobWillis.info.

Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection

robwillisinfo — Fri, 31 Aug 2018 13:49:06 +0000

Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a former Sys Ad I can tell you that many of these systems will go on […]

The post Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection first appeared on RobWillis.info.