ExchangeMarch2021IOCHunt
Really fast knock-up; use at own risk etc. (by mr-r3b00t)
Mitigating-Web-Shells
Guidance for mitigating web shells. #nsacyber (by nsacyber)
| | ExchangeMarch2021IOCHunt | Mitigating-Web-Shells |
|---|---|---|
| Mentions | 1 | 2 |
| Stars | 19 | 943 |
| Growth | - | 0.5% |
| Activity | 0.0 | 0.0 |
| Last commit | about 3 years ago | 10 months ago |
| Language | PowerShell | YARA |
| License | - | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ExchangeMarch2021IOCHunt
Posts with mentions or reviews of ExchangeMarch2021IOCHunt.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-03-03.
Mitigating-Web-Shells
Posts with mentions or reviews of Mitigating-Web-Shells.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-03-03.
- FBI Director Christopher Wray says agency blocked planned cyberattack on children's hospital
The NSA provides publicly to everyone a GitHub Repository to mitigate back doors that other nation-state threat actors are using. Your statement "the sheer number of backdoors and exploits the NSA has and if revealed, would stop probably all malicious programs" implies that nation-state threat actors are using the same back doors, so why would they do this?
- Mass exploitation of on-prem Exchange servers :(
There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomalies. https://github.com/nsacyber/Mitigating-Web-Shells
What are some alternatives?
When comparing ExchangeMarch2021IOCHunt and Mitigating-Web-Shells you can also consider the following projects:
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
Automate-Powershell
gimmeSH - For pentesters who don't wanna leave their terminals.
htshells - Self contained htaccess shells and attacks
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
wso-webshell - 🕹 wso php webshell
HealthChecker - Exchange Server Performance Health Checker Script