CVE-2019-18935 – Using Powershell to review IIS and Windows Logs (Searching for IoC)

CVE-2019-18935 - Using Powershell to review IIS and Windows Logs (searching for IoC)

This article can be considered a Cyber-Security article more than a Software Development one for the content and part of the vocabulary that will be used but don’t be scared. I wanted to keep it very practical and to give you a simple example of what type of tools everyone can build or use in certain scenarios like in CyberSec and Incident Response. Continue reading “CVE-2019-18935 – Using Powershell to review IIS and Windows Logs (Searching for IoC)”

Updating Windows Subsystem for Linux (WSL2)

I must admit that I’m a very strong fan of Windows Subsystem for Linux (WSL) 2.  It’s definitely something I’m happy to use every single day, regardless that I have few Linux VMs and a couple of apps running in docker containers on my workstation.

I cannot say that the new version has substantially reduced the number of tools yet, but there is the chance that in the future WSL2 and (Linux) docker containers will be the only things running all the time on my system. The Hypervisor will be just used for running some VMs on demand when needed.

Continue reading “Updating Windows Subsystem for Linux (WSL2)”

Powershell – Serial vs Parallel Processing

Powershell - Serial vs Parallel Processing

Whenever I look for improving the performances of a script or code there is sometimes an option for parallelising the processing/execution of some of the workflows. It generally means adding complexity and is not always the case that it will make necessary the whole process so much faster, but for long-running ones made of independent sub-tasks, it is probably a very effective strategy.

A recent comment gave me the idea for this article, even if the subject could get potentially very complex if we go deep, but I will do my best to keep it very simple and at the same time giving you some good examples of it.

Continue reading “Powershell – Serial vs Parallel Processing”

Using PowerShell to Clean Up Sophos Temp Files

using-powershell-to-clean-up-sophos-temp-files

Recently I’ve encountered a strange issue that affected one Windows workstation with Sophos AV (Endpoint) software installed.  Sometimes this software creates some temporary files with ‘$$$’ extension and apparently it never removes them.

I thought that the process of analysis and implementing a solution for this edge case was perfect for an article and it is applicable to many similar situations when scripting is required to collect information or mitigate.

Continue reading “Using PowerShell to Clean Up Sophos Temp Files”