Detect webshells dropped on Microsoft Exchange servers exploited through the "ProxyLogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
★ 99 · Mar 16, 2021 · Updated 4 years ago
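The description above names the detection problem without showing the approach. The following PowerShell hunt is an added example written for this page; it is not the exchange_webshell_detection project's own script and does not claim to reproduce its logic. It combines the two checks a responder would run on a suspect Exchange server: look in the web-served directories that the ProxyLogon chain's file write (CVE-2021-27065) was used to drop .aspx shells into, flag files with code-execution primitives or post-campaign timestamps, and inspect the OAB virtual directory's ExternalUrl for injected markup. The install path, the cutoff date, the directory list and the content heuristics are assumptions to adjust for your environment.

```powershell
#Requires -Version 5.1
# Added example for this listing; NOT the exchange_webshell_detection project's own code.
# Hunts for ASP.NET webshells written into Exchange's web-served directories during
# ProxyLogon exploitation, then checks the OAB ExternalUrl that CVE-2021-27065 abused.
# Assumptions (adjust for your environment): default V15 install path, the cutoff
# date, the directory list and the content patterns below.

param(
    [string]$ExchangeRoot = 'C:\Program Files\Microsoft\Exchange Server\V15',
    [datetime]$Cutoff     = (Get-Date '2021-02-01'),   # assumption: anything written after this is worth a look
    [string]$ReportPath   = "$env:TEMP\webshell_hunt.csv"
)

# Web-served directories where dropped shells were widely reported during the campaign.
$ScanPaths = @(
    'C:\inetpub\wwwroot\aspnet_client',
    (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\owa\auth'),
    (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\ecp\auth')
) | Where-Object { Test-Path -LiteralPath $_ }

# Content heuristics: China Chopper-style one-liners and generic ASP.NET code-exec
# primitives. A hit is a lead to review by hand, not a verdict.
$Patterns = @(
    'eval\s*\(\s*Request',          # eval(Request["key"], "unsafe")
    'Request\.Item\[',
    '"unsafe"',
    'Assembly\.Load\s*\(',
    'System\.Diagnostics\.Process',
    'ExecuteGlobal'
)
$PatternRegex = [regex]::new(($Patterns -join '|'), 'IgnoreCase')

$Findings = foreach ($dir in @($ScanPaths)) {
    Get-ChildItem -Path $dir -Recurse -File -Include *.aspx, *.asmx, *.ashx -ErrorAction SilentlyContinue |
        ForEach-Object {
            $content = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
            $match   = if ($content) { $PatternRegex.Match($content) } else { $null }
            $recent  = ($_.CreationTimeUtc -ge $Cutoff) -or ($_.LastWriteTimeUtc -ge $Cutoff)
            # Report suspicious content anywhere, or any script file created/modified after the cutoff.
            if (($match -and $match.Success) -or $recent) {
                [pscustomobject]@{
                    Path          = $_.FullName
                    SizeBytes     = $_.Length
                    CreatedUtc    = $_.CreationTimeUtc
                    ModifiedUtc   = $_.LastWriteTimeUtc
                    SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    MatchedString = if ($match -and $match.Success) { $match.Value } else { '' }
                    RecentWrite   = $recent
                }
            }
        }
}

# Second check: the CVE-2021-27065 write was triggered by storing attacker-controlled
# markup in the OAB virtual directory's ExternalUrl. Requires the Exchange Management
# Shell; skipped silently where the cmdlet is not loaded.
$OabHits = @()
if (Get-Command Get-OabVirtualDirectory -ErrorAction SilentlyContinue) {
    $OabHits = Get-OabVirtualDirectory -ErrorAction SilentlyContinue |
        Where-Object { $_.ExternalUrl -and ("$($_.ExternalUrl)" -match '<script|eval\s*\(') } |
        Select-Object Server, Name, ExternalUrl
}

@($Findings) | Sort-Object ModifiedUtc -Descending | Export-Csv -NoTypeInformation -Path $ReportPath
Write-Host ("Scanned {0} director(ies); {1} suspicious file(s); {2} tampered OAB ExternalUrl(s). Report: {3}" -f
    @($ScanPaths).Count, @($Findings).Count, @($OabHits).Count, $ReportPath)
@($Findings) | Format-Table Path, CreatedUtc, MatchedString -AutoSize
@($OabHits)  | Format-Table -AutoSize
```

Run it in an elevated Exchange Management Shell so the OAB check executes; in a plain PowerShell session only the file scan runs. The `auth` directories legitimately contain .aspx files, and installing a Cumulative Update rewrites them, so the RecentWrite heuristic alone produces noise: compare the SHA256 column against a known-clean server on the same CU, and treat content matches or files outside the CU's inventory as the real leads.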
Alternatives and similar repositories for exchange_webshell_detection
Users that are interested in exchange_webshell_detection are comparing it to the libraries listed below
- A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. · ★ 11 · Jan 9, 2020 · Updated 6 years ago
- A collection of tools adversaries commonly use in an attack. · ★ 14 · Nov 23, 2024 · Updated last year
- CVE-2024-23897 jenkins-cli · ★ 15 · Jan 27, 2024 · Updated 2 years ago
- Exploit and detect tools for CVE-2020-0688 · ★ 356 · Mar 21, 2020 · Updated 5 years ago
- Mole is a framework for identifying and exploiting out-of-band application vulnerabilities. · ★ 58 · Aug 6, 2020 · Updated 5 years ago
- UAC bypass based on registry hijacking (BypassUAC) · ★ 28 · Dec 16, 2020 · Updated 5 years ago
- C code to enable ETW tracing for .NET assemblies · ★ 32 · Aug 12, 2022 · Updated 3 years ago
- Detection Ideas & Rules repository. · ★ 178 · Sep 10, 2021 · Updated 4 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in… · ★ 269 · Mar 18, 2021 · Updated 4 years ago
- Post-exploitation tool for configuration management servers. · ★ 77 · Jan 29, 2026 · Updated last month
- Incident response scripts · ★ 18 · Mar 4, 2019 · Updated 6 years ago
- Cisco Unified Call Manager enumeration · ★ 25 · Jul 13, 2022 · Updated 3 years ago
- Notes and commands for CTFs · ★ 22 · Apr 28, 2020 · Updated 5 years ago
- Asynchronous named pipe module for PowerShell · ★ 21 · May 30, 2016 · Updated 9 years ago
- AntSword plugin for outbound network connectivity detection · ★ 22 · Jul 6, 2022 · Updated 3 years ago
- C# PoC code for the SessionEnv DLL hijack, utilizing functions called from TSMSISrv.dll · ★ 62 · Apr 18, 2019 · Updated 6 years ago
- Malware similarity platform with modularity in mind. · ★ 80 · Jul 18, 2021 · Updated 4 years ago
- (no description) · ★ 21 · Oct 22, 2019 · Updated 6 years ago
- IP blacklists and dorks collection · ★ 16 · Updated this week
- netbeacon: monitor your network capture, NIDS or network analysis process · ★ 19 · Oct 26, 2013 · Updated 12 years ago
- KQL queries for Microsoft Defender Advanced Hunting, organized around the TTPs of the MITRE ATT&CK framework. · ★ 18 · Nov 7, 2024 · Updated last year
- Unlocking Serverless Computing to Assess Security Controls · ★ 261 · Mar 15, 2024 · Updated last year
- (no description) · ★ 49 · Dec 11, 2025 · Updated 2 months ago
- Initial triage of Windows Event logs · ★ 106 · Jun 16, 2024 · Updated last year
- (no description) · ★ 298 · Jul 2, 2024 · Updated last year
- Dump stuff without touching disk · ★ 163 · Oct 29, 2020 · Updated 5 years ago
- DFIRTrack, the Incident Response Tracking Application · ★ 532 · Jan 13, 2026 · Updated last month
- Convert Empire profiles to Apache mod_rewrite scripts · ★ 29 · Sep 17, 2019 · Updated 6 years ago
- Windows Common Log File System Driver PoC · ★ 95 · Dec 21, 2021 · Updated 4 years ago
- A series of PowerShell scripts to automate collection of forensic artefacts in most incident response environments · ★ 65 · Jan 31, 2022 · Updated 4 years ago
- Conti V3 source code, updated · ★ 11 · Jun 30, 2022 · Updated 3 years ago
- (no description) · ★ 12 · Jan 12, 2023 · Updated 3 years ago
- DEFCON-RUSSIA WEB · ★ 12 · Mar 30, 2021 · Updated 4 years ago
- Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and … · ★ 20 · Updated this week
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual · ★ 14 · Jul 13, 2022 · Updated 3 years ago
- Mitigation validation utility for the Ivanti Connect Secure attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887. · ★ 12 · Feb 3, 2024 · Updated 2 years ago
- A tool to find/download malware samples from various public repositories · ★ 12 · Dec 22, 2021 · Updated 4 years ago
- WordPress batch brute force · ★ 11 · Sep 21, 2021 · Updated 4 years ago
- Supports encrypting/decrypting zip files. Fork of Go's archive/zip to add reading/writing of password-protected zip files. · ★ 10 · Jul 9, 2024 · Updated last year