Mass exploitation of on-prem Exchange servers :(

This page summarizes the projects mentioned and recommended in the original post on /r/msp
mitigation Guidance webshell webshells

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • ExchangeMarch2021IOCHunt

    Really fast knock up use at own risk etc.

  • Automate-Powershell

    • Automate-Powershell/Hafniummonitor.ps1 at main ยท Data-Dan-sharing/Automate-Powershell (github.com)

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • HealthChecker

    Discontinued Exchange Server Performance Health Checker Script

    • Does it? Mine does not show there and I ran it from the .msp file. The health check script shows that it is detected though...

  • Mitigating-Web-Shells

    Guidance for mitigation web shells. #nsacyber

    • There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies. https://github.com/nsacyber/Mitigating-Web-Shells

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts