MENU
In this video you will learn how to use Nmap & Powershell to scan your Microsoft Exchange environment for the ProxyLogon exploit (CVE-2021-26855). The Microsoft provided Powershell script can automatically scan Exchange log files for suspicious activity. Both scripts can be used to help you quickly determine potential for exploitation without installing additional tools and locate Exchange hosts that may have been targeted.
Links: GitHub(Microsoft): https://github.com/microsoft/CSS-Exchange/tree/main/Security
Microsoft Security Blog: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Vulnerability Details: https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
Most networks are compromised as a result of the most common, textbook vulnerabilities. These are not sophisticated hacks requiring deep infiltration or complex exploit code. Most are exploited through “low hanging fruit” like:
Contact us or call toll-free: 1-833-630-2888