Mass exploitation of on-prem Exchange servers :(

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
  • ExchangeMarch2021IOCHunt

    Really fast knock up use at own risk etc.

  • Automate-Powershell

    Automate-Powershell/Hafniummonitor.ps1 at main · Data-Dan-sharing/Automate-Powershell (

  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • HealthChecker

    Exchange Server Performance Health Checker Script

    Does it? Mine does not show there and I ran it from the .msp file. The health check script shows that it is detected though...

  • Mitigating-Web-Shells

    Guidance for mitigation web shells. #nsacyber

    There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts