Windows variant of a webserver is called Internet Information Services (IIS). The feature comes as part of Windows server builds but isn’t enabled but default. If you manage an IIS server, logs write to c:\inetpub\logs by default and without a tool or capability, aren’t necessarily the easiest to read. With
Year: 2019
Reducing the Attack Surface for BlueKeep
It’s been a few months since the BlueKeep vulnerability was brought to light. This discovery shouldn’t be taken lightly as it allows a malicious user to gain unauthenticated access and the ability to perform remote code execution on Windows systems. The documentation on the vulnerability depicts that the following operating
Invoke-Fail2Ban
Anyone who has a system that is accessible on the Internet has likely had their fair share of brute force attempts. Utilizing something like Fail2ban is great because it blocks those type of attacks, providing some level of security. The downfall about Fail2ban is that it was developed for *nix
Finding Services Tied to Processes
When looking at a process list, you will undoubtedly see a number of svchost processes. The overall number of them really depends on the system and what services are running. Each svchost has at least one service running within it. If you are seeking a better understanding of which service
Fileless Malware Storage: Group Policy Objects- 4 of 4
Up to this point, we’ve discussed using the Registry, Active Directory, and Event Logs for storing stagers in Windows. In our last installment of this series, we will discuss the use of Group Policy Objects to achieve the same goal. Group Policy is designed to be a hierarchal infrastructure to
Fileless Malware Storage: Event Logs– 3 of 4
Up to this point, we’ve touched on using Active Directory and the Registry to store code for later use. To add on to the topic, we can also use Event Logs. The effectiveness of this technique is based on the environment in which one looks to use it. I say
Fileless Malware Storage: Active Directory– 2 of 4
In my last post, I spoke on the use of the Registry to store malicious code to call upon at a later time. In this post, I’ll discuss using Active Directory to store code. Essentially, Active Directory is a hierarchical structure that stores information about objects on the network, particularly