The IIS mods for #bsidescbr are coming together. These screenshots show the interception of a directory listing payload being run via a chinachopper shell

And one for the red teams 😁

Is it hackback if you tamper with what an adversaries code sends back to their C2? Defensive part of my #bsidescbr presentation is done, onto the offensive side.

"Bringing Harmony to IIS: Using game mods to protect (or nuke) your web server", Adrian Justice youtu.be/9O0ktG6xuTk

We're people really ignoring virus alerts on Server 2019 enough that we needed a danger dog added to them?

If you've ever wondered what those weird "App_Web_das2318.dll" files on IIS servers are, I've written a blog post detailing where their names come from, what they do and the forensic benefits they can provide zeroed.tech/blog/analysing… This is the first in a series of IIS posts

How much do you know about IIS Machine Keys and View State? Are you confident you could not only identify an exploited host but also remediate it? If not, check out my new blog post which covers exploitation, detection and remediation zeroed.tech/blog/viewstate…

I'll be running a free 3 hour training session at BSidesCanberra teaching people how to defend IIS servers by learning how to attack them. I'll be posting recommended host setups closer to the event so be sure to give me a follow. cfp.bsidescbr.com.au/bsides-canberr…

Defender seems interested in my upcoming BSides Canberra training on Attacking and Defending Microsoft IIS Training

For those planing to attend my "Attacking and Defending Microsoft IIS" training session at BSidesCanberra next week, checkout the following post for the list of recommended software to have reaady to go zeroed.tech/blog/bsides-20… See you all Friday

Thank you to everyone who attended my training session and a massive thanks to BSidesCanberra for providing me the opportunity to run it. The slides and any code we used can be found here zeroed.tech/blog/bsides-20… I'd love any feedback on the session

It put my life on hold for a month and I'm very sleep deprived but thanks for the great CTF Huntress John Hammond @HuskyHacksMK Tyler Benson Rem Izzy @Kaspertame #HuntressCTF

Not a bad read, I think they may be overanalysing a compiled webshell and its a shame they didn't get a memory dump but its great to see more companies talking about this stuff github.com/RedDrip7/Night…

12 months ago I presented a 3 hour course on attacking and defending Microsoft IIS servers to a packed room at BSides Canberra, today the 30+ hour version went live on XINTRA !

TOLLBOOTH: What's yours, IIS mine elastic.co/security-labs/…

I've recently been experimenting with using .NET profilers to hook .NET functions under IIS and decided to write up a blog post while it was fresh in my mind zeroed.tech/blog/hooking-n…

Not the response I want when I resort to AI to debug some mutual TLS issues

...so yes