Automate-Powershell
By Data-Dan-sharing
Mitigating-Web-Shells
Guidance for mitigation web shells. #nsacyber (by nsacyber)
Our great sponsors
Automate-Powershell | Mitigating-Web-Shells | |
---|---|---|
1 | 2 | |
0 | 943 | |
- | 0.5% | |
0.0 | 0.0 | |
about 3 years ago | 10 months ago | |
PowerShell | YARA | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Automate-Powershell
Posts with mentions or reviews of Automate-Powershell.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-03-03.
-
Mass exploitation of on-prem Exchange servers :(
Automate-Powershell/Hafniummonitor.ps1 at main · Data-Dan-sharing/Automate-Powershell (github.com)
Mitigating-Web-Shells
Posts with mentions or reviews of Mitigating-Web-Shells.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-03-03.
-
FBI Director Christopher Wray says agency blocked planned cyberattack on children's hospital
The NSA provides publicly to everyone a GitHub Repository to mitigate back doors that other nation-state threat actors are using. Your statement "the sheer number of backdoors and exploits the NSA has and if revealed, would stop probably all malicious programs" implies that nation-state threat actors are using the same back doors, so why would they do this?
-
Mass exploitation of on-prem Exchange servers :(
There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies. https://github.com/nsacyber/Mitigating-Web-Shells
What are some alternatives?
When comparing Automate-Powershell and Mitigating-Web-Shells you can also consider the following projects:
HealthChecker - Exchange Server Performance Health Checker Script
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
gimmeSH - For pentesters who don't wanna leave their terminals.
ExchangeMarch2021IOCHunt - Really fast knock up use at own risk etc.
htshells - Self contained htaccess shells and attacks
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
wso-webshell - 🕹 wso php webshell
Automate-Powershell vs HealthChecker
Mitigating-Web-Shells vs aizawa
Mitigating-Web-Shells vs gimmeSH
Mitigating-Web-Shells vs ExchangeMarch2021IOCHunt
Mitigating-Web-Shells vs htshells
Mitigating-Web-Shells vs spectre-meltdown-checker
Mitigating-Web-Shells vs wso-webshell
Mitigating-Web-Shells vs HealthChecker