Mitigating-Web-Shells
Guidance for mitigating web shells. #nsacyber (by nsacyber)
HealthChecker
Exchange Server Performance Health Checker Script (by dpaulson45)
| | Mitigating-Web-Shells | HealthChecker |
|---|---|---|
| Mentions | 2 | 20 |
| Stars | 943 | 315 |
| Growth | 0.5% | - |
| Activity | 0.0 | 8.8 |
| Last commit | 10 months ago | almost 3 years ago |
| Language | YARA | PowerShell |
| License | GNU General Public License v3.0 or later | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Mitigating-Web-Shells
Posts with mentions or reviews of Mitigating-Web-Shells.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-03-03.
- FBI Director Christopher Wray says agency blocked planned cyberattack on children's hospital
  The NSA provides publicly to everyone a GitHub Repository to mitigate back doors that other nation-state threat actors are using. Your statement "the sheer number of backdoors and exploits the NSA has and if revealed, would stop probably all malicious programs" implies that nation-state threat actors are using the same back doors, so why would they do this?
- Mass exploitation of on-prem Exchange servers :(
  There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomalies. https://github.com/nsacyber/Mitigating-Web-Shells
HealthChecker
Posts with mentions or reviews of HealthChecker.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-03.
- Exchange 2019 still requires obsolete UCM4 installation
  Exchange 2016 / Exchange 2019 wrong recommendations on Unified Communications Managed API - Microsoft Q&A
  [New Check] Check installed UCMA version · Issue #538 · dpaulson45/HealthChecker (github.com)
  HealthChecker - [New Check] Check installed UCMA version · Issue #535 · microsoft/CSS-Exchange (github.com)
- Get-Hotfix not working for Exchange patches?
  Microsoft's Exchange healthchecker.ps1 script also checks for, and displays, installed patches: https://github.com/dpaulson45/HealthChecker
- Critical Exchange CVEs for April 2021 are here, are you ready for another round?
  Version 3.3.8 of the Exchange Health Checker. Post-update on Ex2013 seems to work correctly, but bombs out on pre-update Ex2016 for me without any obvious reason why in the logs. Oh well.
- Credential Guard on Exchange Server
- Question About Zero-Day Exchange Patch
  The healthchecker script will let you know which vulnerabilities are present; https://github.com/dpaulson45/HealthChecker
- Active Directory and Snapshots
  Run the HealthChecker.ps1 from https://github.com/dpaulson45/HealthChecker
- How Does Exchange Exploit Affect Hybrid Environments?
  Run through this post https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ and this health check https://github.com/dpaulson45/HealthChecker#download
- How to tell if my managed exchange server has been updated after the hafnium attack
  Use the HealthChecker.ps1 script.
- Finding IOC in Exchange
  First, I ran the Exchange Health Check script which confirms that the hot fix and CU have been applied to the server.
- Exchange 2016 not work after update from CU3 to CU19
What are some alternatives?
When comparing Mitigating-Web-Shells and HealthChecker you can also consider the following projects:
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
CSS-Exchange - Exchange Server support tools and scripts
Automate-Powershell
gimmeSH - For pentesters who don't wanna leave their terminals.
ExchangeMarch2021IOCHunt - Really fast knock up use at own risk etc.
htshells - Self contained htaccess shells and attacks
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
wso-webshell - 🕹 wso php webshell