HAFNIUM Exchange Server exploits - Resources

Published on Wednesday, March 10, 2021

Some days have passed since Microsoft's public announcement about this HAFNIUM exploit, and as I have been asked to step in to help several customers, I would like to list all the resources I used to work on this matter. I will try to update this list with new content as it is published.

3/10/2021: Added two more resources.

Microsoft resources

Probably the official entry point for understanding the exploit; this should be the initial procedure to take against this vulnerability.

This resource contains not only a script that you must run to check whether your Exchange logs show suspicious entries (Suspicious activity found in % log!), EVEN IF YOU APPLIED THE PATCHES, but also a mitigation script to apply if for some reason you are unable to install the security patches.

This tool was updated to detect web shells that could have been left by attackers. It is not enough, but it is a must-run tool.

Other resources

Frank Carius always produces great content; this time he is sharing a very complete review of the vulnerability, along with a recommended workflow to follow.

(I am not affiliated, associated, authorized, endorsed by, or in any way officially connected with this solution)

An excellent compilation of events since the discovery of this vulnerability.
