Adrian Justice
Adrian (@zeroedtech) is a senior threat hunter specialising in IIS, webshells and .NET. He's a firm believer that the best way to learn defensive cyber is to understand offensive cyber.
Session
09-27
09:00
180min
Attacking and Defending Microsoft IIS Training
Adrian Justice
In this session, we will cover a variety of techniques to gain code execution on Microsoft IIS servers, ranging from simple webshells to reflectively loading .NET assemblies via exploits.
After performing each attack, we will conduct an incident response to determine what happened and discuss remediation options for recovering from this attack as well as ensuring we can better detect the technique next time.
Setup Steps: https://zeroed.tech/blog/bsides-2024/
Slides and Code: https://zeroed.tech/blog/bsides-2024-code/
Training
Murray-Fitzroy