From a323736923610a0d66127e8a2e8052753005e22f Mon Sep 17 00:00:00 2001
From: Bill Long
Date: Fri, 5 Mar 2021 08:57:52 -0600
Subject: [PATCH 1/2] Save more attributes from HttpProxy
---
 Security/Test-Hafnium.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Security/Test-Hafnium.ps1 b/Security/Test-Hafnium.ps1
index 306a0423fe..270a8b0e42 100644
--- a/Security/Test-Hafnium.ps1
+++ b/Security/Test-Hafnium.ps1
@@ -30,7 +30,7 @@ function Get-26855() {
 if (Test-Path "$PSScriptRoot\CVE-2021-26855.log") {
 Remove-Item $PSScriptRoot\CVE-2021-26855.log -Force
 }
- $allResults | Select-Object DateTime, AnchorMailbox | Export-Csv $PSScriptRoot\CVE-2021-26855.log
+ $allResults | Select-Object DateTime, RequestId, ClientIPAddress, UrlHost, UrlStem, RoutingHint, UserAgent, AnchorMailbox | Export-Csv $PSScriptRoot\CVE-2021-26855.log
 } else {
 Write-Host "No suspicious entries found." -ForegroundColor Green
 }
From e1509c945d375d6084d27d189b32066c9c8b6167 Mon Sep 17 00:00:00 2001
From: Bill Long
Date: Fri, 5 Mar 2021 09:39:33 -0600
Subject: [PATCH 2/2] One more prop requested by Security
---
 Security/Test-Hafnium.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Security/Test-Hafnium.ps1 b/Security/Test-Hafnium.ps1
index 270a8b0e42..9aadd6fbd8 100644
--- a/Security/Test-Hafnium.ps1
+++ b/Security/Test-Hafnium.ps1
@@ -30,7 +30,7 @@ function Get-26855() {
 if (Test-Path "$PSScriptRoot\CVE-2021-26855.log") {
 Remove-Item $PSScriptRoot\CVE-2021-26855.log -Force
 }
- $allResults | Select-Object DateTime, RequestId, ClientIPAddress, UrlHost, UrlStem, RoutingHint, UserAgent, AnchorMailbox | Export-Csv $PSScriptRoot\CVE-2021-26855.log
+ $allResults | Select-Object DateTime, RequestId, ClientIPAddress, UrlHost, UrlStem, RoutingHint, UserAgent, AnchorMailbox, HttpStatus | Export-Csv $PSScriptRoot\CVE-2021-26855.log
 } else {
 Write-Host "No suspicious entries found." -ForegroundColor Green
 }
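Review bot: The widened `Select-Object` on the `Export-Csv` line now writes `UserAgent`, `UrlStem` and `UrlHost` into the CSV, and those values are taken from the HTTP request, so whoever sent the suspicious request controls them. If an analyst opens `CVE-2021-26855.log` in a spreadsheet, a value beginning with `=`, `+`, `-` or `@` may be evaluated as a formula; the second patch keeps the same column list and has the same exposure. I would add a comment above the export such as `# Request-derived fields are untrusted: review with Import-Csv or a text viewer, not a spreadsheet`, or neutralise leading formula characters before exporting. The body of Get-26855 starts and ends outside the hunk, so how `$allResults` is populated is not visible here.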
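Review bot: `Export-Csv` in the final form of this line is called without `-NoTypeInformation`, so under Windows PowerShell 5.1 and earlier the file starts with a `#TYPE` line ahead of the header row. With nine columns now intended for downstream triage, that extra first line can trip tools that expect the header first; ending the pipeline with `Export-Csv $PSScriptRoot\CVE-2021-26855.log -NoTypeInformation` avoids it. The PowerShell version the script runs under is not shown in the hunk, so confirm it before changing the call.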