exchange_webshell_detection
postfix
| | exchange_webshell_detection | postfix |
|---|---|---|
| Mentions | 8 | 2 |
| Stars | 83 | 385 |
| Growth | - | - |
| Activity | 4.4 | 8.1 |
| Latest commit | about 3 years ago | 13 days ago |
| Language | PowerShell | C |
| License | - | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
exchange_webshell_detection
- CERT Latvia False Positive on their Detect Webshells Script
- CERT Latvia False Positive on their Detect Webshells Script
- Windows defender quarantined Microsoft Exchange exploit attempt immediately & reset virtual oab directory. Am i still compromised?
- cert-lv/exchange_webshell_detection - Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
- HAFNIUM - Edited Files and File Left behind and other inquiries
  Here's a script I found on bleepingcomputer that searches for several files. https://github.com/cert-lv/exchange_webshell_detection
  - Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
- At Least 30k U.S. Organizations Newly Hacked via Holes in MS’s Email Software
  There's a powershell script to check your server here: https://github.com/cert-lv/exchange_webshell_detection
postfix
- New Linux glibc flaw lets attackers get root on major distros
FWIW C can do it too to some extent, here's postfix: https://github.com/vdukhovni/postfix/blob/master/postfix/src...
- At Least 30k U.S. Organizations Newly Hacked via Holes in MS’s Email Software
Postfix.
But that’s only an MTA, I hear you cry, Exchange does both MTA & MDA! Bear with me.
Postfix is software to learn from. It might be written in C but the architecture is the epitome of beautiful modular design. It’s not just the meticulous separation of concerns, the care and attention to detail, everything from string handling to memory management is pristinely handled. https://github.com/vdukhovni/postfix
Even at runtime the beauty of the architecture allows for a sysadmin to choose (via master.cf) exactly how the components should be composed to fit their needs. The defaults are crafted for minimum fuss if you just need to get it running ASAP. The software is ergonomic in addition to being artfully crafted.
So what does all this care and attention get you? Only 9 CVEs in 22 years, only 3 of which are code exec, only 2 of which are (maybe) remote code exec, only 1 of which is unauth user RCE - but very hard in practice to exploit.
Maybe it’s just not that popular? It was 1/3 of all SMTP servers on the internet according to a 2019 scan.
So it’s the best MTA ever to exist, but what about MDA? Well, that was the whole point. Compose well crafted components together to build a system. You especially don’t run part of your mailserver’s web interface in kernel space because, well, I’m not sure why IIS/Exchange does that :-)
What are some alternatives?
CSS-Exchange - Exchange Server support tools and scripts
OpenSMTPD - This is official OpenSMTPD Portable repository. Forks, pull requests and other contributions are welcome!
PowerZure - PowerShell framework to assess Azure security
Haraka - A fast, highly extensible, and event driven SMTP server
Cyber-Defence - Information released publicly by NCC Group's Cyber Incident Response Team
Get-ExchangeEnvironmentReport - This script creates an HTML report showing the following information about an Exchange 2019, 2016, 2013, 2010, and, to a lesser extent, 2007 and 2003 environment.
Mailu - Insular email distribution - mail server as Docker images
Encrypt-Delete-Test - Really can protect from ransomware encryption?