PowerZure
exchange_webshell_detection
PowerZure | exchange_webshell_detection |
---|---|
1 | 8 |
1,032 | 83 |
- | - |
4.2 | 4.4 |
2 months ago | about 3 years ago |
PowerShell | PowerShell |
BSD 3-clause "New" or "Revised" License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PowerZure
- Gathering Subscription access information with PowerZure
  PS C:\> cd C:\Users\$env:USERNAME
  PS C:\> git clone https://github.com/hausec/PowerZure.git
exchange_webshell_detection
- CERT Latvia False Positive on their Detect Webshells Script
- Windows Defender quarantined Microsoft Exchange exploit attempt immediately & reset virtual oab directory. Am I still compromised?
- cert-lv/exchange_webshell_detection - Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
- HAFNIUM - Edited Files and File Left behind and other inquiries
  Here's a script I found on bleepingcomputer that searches for several files. https://github.com/cert-lv/exchange_webshell_detection
- Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
- At Least 30k U.S. Organizations Newly Hacked via Holes in MS’s Email Software
  There's a powershell script to check your server here: https://github.com/cert-lv/exchange_webshell_detection
What are some alternatives?
HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
CSS-Exchange - Exchange Server support tools and scripts
DomainProtect - Protect domains from malicious browser extensions
Get-ExchangeEnvironmentReport - This script creates an HTML report showing the following information about an Exchange 2019, 2016, 2013, 2010, and, to a lesser extent, 2007 and 2003 environment.
MrKaplan - MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
Encrypt-Delete-Test - Really can protect from ransomware encryption?
WindowsFirewallRuleset - PowerShell scripts to automatically create rules for Windows firewall
Cyber-Defence - Information released publicly by NCC Group's Cyber Incident Response Team
CloudAdoptionFramework - Code samples and extended documentation to support the guidance provided in the Microsoft Cloud Adoption Framework
ARI - Azure Resource Inventory - It's a Powerful tool to create EXCEL inventory from Azure Resources with low effort
PSMDATP - PowerShell Module for managing Microsoft Defender Advanced Threat Protection
AZSentinel - PowerShell module for Azure Sentinel