Using Log Parsing to Stop Microsoft IIS Backdoor Attacks

Chances are you’ve heard of Microsoft’s Internet Information Services, (more commonly known as IIS) as it’s one of the most popular web servers in the world, boasting a user base of over one million websites and included in the tech stack of nearly 6,000 companies. Being popular is great, but it also means becoming a bigger target – just ask Microsoft, who recently warned users about the growing trend of threat actors planting backdoors into Exchange servers via IIS extensions …

attacks backdoor corporate edr iis log microsoft osquery parsing product xdr