Skip to content

DCScoder/Exchange_IOC_Hunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits

20210309_Exchange_Vuln_IOC.txt

20210309_Exchange_Vuln_IOC.txt

 
 

20210311_Exchange_Vuln_IOC.txt

20210311_Exchange_Vuln_IOC.txt

 
 

20210312_Exchange_Vuln_IOC.txt

20210312_Exchange_Vuln_IOC.txt

 
 

20210313_Exchange_Vuln_IOC.txt

20210313_Exchange_Vuln_IOC.txt

 
 

Exchange_IOC_Hunter.ps1

Exchange_IOC_Hunter.ps1

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Exchange_IOC_Hunter

Description:

Hunt for IOCs in IIS Logs - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

Artefacts Supported:

  • C2 IP Addresses (used for scanning and exploitation)
  • File Names (observed in exploitation attempts)
  • Remote Code Execution (RCE)

Usage:

powershell .\Exchange_IOC_Hunter.ps1

Updates:

This repository will be updated with new IOC's as our security engagements evolve.

About

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages