cert-lv/exchange_webshell_detection external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

cert-lv/exchange_webshell_detection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cert-lv/exchange_webshell_detection)

Close

cert-lv / exchange_webshell_detectionView on GitHubMore

• External links
• Readme badge

Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

☆99Mar 16, 2021Updated 5 years ago

Alternatives and similar repositories for exchange_webshell_detection

Users that are interested in exchange_webshell_detection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• B2dfir / B2Response

  View on GitHub
  Logged PS Remote Command Wrapper for Blue Team Forensics/IR
  ☆11Apr 12, 2018Updated 8 years ago
• datto / fireeye-red-team-countermeasure-scanner

  View on GitHub
  A scanner to detect the use of stolen FireEye red team tools
  ☆20Dec 18, 2020Updated 5 years ago
• hackjalstead / IRCP

  View on GitHub
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆65Jan 31, 2022Updated 4 years ago
• GossiTheDog / scanning

  View on GitHub
  ☆191Nov 19, 2025Updated 5 months ago
• FrankysWeb / Delete-Old-OWA-and-ECP-Versions

  View on GitHub
  Deletes old versions of OWA and ECP versions of Exchange Server
  ☆12Dec 7, 2021Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• francoisfried / Defender-Advanced-Hunting-Queries

  View on GitHub
  KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.
  ☆20Nov 7, 2024Updated last year
• zcgonvh / CVE-2020-0688

  View on GitHub
  Exploit and detect tools for CVE-2020-0688
  ☆356Mar 21, 2020Updated 6 years ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• pr0tean / CVE-2019-13051

  View on GitHub
  ☆22Oct 22, 2019Updated 6 years ago
• P4x1s / CVE-2024-23897

  View on GitHub
  CVE-2024-23897 jenkins-cli
  ☆15Jan 27, 2024Updated 2 years ago
• ajackal / ir_scripts

  View on GitHub
  incident response scripts
  ☆18Mar 4, 2019Updated 7 years ago
• claudiopizzillo / conti_v3

  View on GitHub
  Conti V3 source code updated
  ☆11Jun 30, 2022Updated 3 years ago
• Medicean / AS_Out-of-Network

  View on GitHub
  AntSword 出网探测插件
  ☆22Jul 6, 2022Updated 3 years ago
• microsoft / CSS-Exchange

  View on GitHub
  Exchange Server support tools and scripts
  ☆1,278Updated this week
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• djhohnstein / TSMSISrv_poc

  View on GitHub
  C# POC code for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll
  ☆62Apr 18, 2019Updated 7 years ago
• W3ndige / aurora

  View on GitHub
  Malware similarity platform with modularity in mind.
  ☆80Jul 18, 2021Updated 4 years ago
• master-of-servers / mose

  View on GitHub
  Post exploitation tool for configuration management servers.
  ☆77Jan 29, 2026Updated 3 months ago
• sourceincite / CVE-2021-24085

  View on GitHub
  ☆71Feb 15, 2021Updated 5 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆32Aug 12, 2022Updated 3 years ago
• kyle-phillips / adversarial-tools

  View on GitHub
  A collection of tools adversaries commonly use in an attack.
  ☆15Nov 23, 2024Updated last year
• seajaysec / Ivanti-Connect-Around-Scan

  View on GitHub
  Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887.
  ☆12Feb 3, 2024Updated 2 years ago
• Hzllaga / bypassUAC

  View on GitHub
  基于注册表劫持BypassUAC
  ☆28Dec 16, 2020Updated 5 years ago
• mandiant / Mandiant-Azure-AD-Investigator

  View on GitHub
  ☆646Jun 6, 2023Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• joxeankoret / deeptoad

  View on GitHub
  DeepToad is a library and a tool to clusterize similar files using fuzzy hashing
  ☆20Apr 5, 2020Updated 6 years ago
• CCob / MirrorDump

  View on GitHub
  Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…
  ☆270Mar 18, 2021Updated 5 years ago
• riskydissonance / SafetyDump

  View on GitHub
  Dump stuff without touching disk
  ☆165Oct 29, 2020Updated 5 years ago
• 3c7 / yaramanager

  View on GitHub
  Simple yara rule manager
  ☆67Dec 27, 2022Updated 3 years ago
• OMENScan / AChoirX

  View on GitHub
  ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing
  ☆42Apr 18, 2026Updated last week
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆117Nov 28, 2023Updated 2 years ago
• kidcrash22 / Sysmon-Threat-Intel

  View on GitHub
  ☆13Feb 6, 2018Updated 8 years ago
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆534Jan 13, 2026Updated 3 months ago
• LETHAL-FORENSICS / Collect-MemoryDump

  View on GitHub
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆256Oct 29, 2025Updated 6 months ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• mubix / attackbox

  View on GitHub
  Ansible scripts to build an attack box
  ☆24Sep 24, 2018Updated 7 years ago
• cbasnett / Log-Extractor

  View on GitHub
  ☆28Mar 29, 2022Updated 4 years ago
• BushidoUK / Cybercrime-Police-Raids

  View on GitHub
  Collection of videos of Raids on Cybercriminals
  ☆22Mar 19, 2025Updated last year
• infosecn1nja / e2modrewrite

  View on GitHub
  Convert Empire profiles to Apache mod_rewrite scripts
  ☆29Sep 17, 2019Updated 6 years ago
• ztgrace / mole

  View on GitHub
  Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
  ☆58Aug 6, 2020Updated 5 years ago
• palantir / exploitguard

  View on GitHub
  Documentation and supporting script sample for Windows Exploit Guard
  ☆168Sep 8, 2025Updated 7 months ago
• adulau / netbeacon

  View on GitHub
  netbeacon - monitoring your network capture, NIDS or network analysis process
  ☆20Apr 5, 2026Updated 3 weeks ago