Exchange 2013

All posts regarding Exchange 2013.

Josh's picture

Hunting Webshells on Microsoft Exchange Server

Last month I gave a talk at the SANS Threat Hunting and Incident Response Summit on Hunting Webshells on Microsoft Exchange Server.  The SANS Institute has posted a video of that talk on YouTube, check it out here.
You can also view the slides from the talk here, and download the Invoke-ExchangeWebShellHunter script from GitHub here.

 

Josh's picture

Join me at the 2017 SANS Threat Hunting and Incident Response Summit - April 18th and 19th

I'll be presenting a brand new session titled "Hunting Webshells on Microsoft Exchange Server" at the 2017 SANS Threat Hunting and Incident Response Summit in New Orleans on April 18th and 19th!

My session abstract:
"Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange Server, through real world examples. It’s easier than you might think, and these techniques can help up your DFIR game in environments containing Exchange Servers!"

Josh's picture

Join me for "Shut the Front Door! Securing your Messaging Environment" at the Microsoft Ignite Conference on May 6th!

If you haven't already heard, I'll be delivering a session at the Microsoft Ignite conference at the McCormick Place in Chicago Illinois May 4-8.  My session is called "Shut the Front Door! Securing your Messaging Environment". (Session code BRK3109)

UPDATED!  TIME CHANGE! (Updated again, for some reason the strikethrough text isn't working, removed some text to avoid confusion)

The date and time of my session have been officially announced, it will be Wednesday May 6th from 10:45AM to 12:00 PM.  You can find more details here.  Also be sure to check out my promo video on YouTube.

Josh's picture

Exchange 2013 CU8, Exchange 2010 SP3 RU9, and Exchange 2007 SP3 RU16 have been released!

Josh's picture

Exchange 2013 CU7, Exchange 2010 SP3 RU8, and Exchange 2007 SP3 RU15 have been released!

Exchange 2013 CU7, Exchange 2010 SP3 RU8,  Exchange 2007 SP3 RU15, and UM Language Packs for CU7, were all released yesterday.  These include important security fixes for vulnerabilities outlined in MS14-075.

Josh's picture

Exchange 2010 SP3 RU7 and Exchange 2013 CU6 - Catching up...

Due to traveling and the holidays, I'm a little late on getting this out there...  Exchange 2010 SP3 RU7 and Exchange 2013 CU6 were both released last week (August 26th 2014). 

Exchange 2010 SP3 RU7 has a handful of bug fixes, and so far is rather unintersting and uneventful.

Josh's picture

Exchange 2010 SP3 RU6 and Exchange 2013 CU5 Released!

Exchange 2010 SP3 RU6 and Exchange 2013 CU5 were released today!   RU6 only contains bug fixes.  CU5 includes OAB improvements in addition to bug fixes.

Josh's picture

Exchange 2013 SP1, 2010 SP3 RU5, and 2007 SP3 RU13 released.

If you haven't noticed already, Exchange 2013 SP1, Exchange 2010 SP3 RU5, and Exchange 2007 SP3 RU13 were all released last week (Feb 25th).  I'm a little behind due to traveling for work.  I am particularly excited about the new DLP features in Exchange 2013 SP1.  A collegue and I personally lobbied the Exchange Product group to get these added. This marks the firs

Josh's picture

Office 365 Best Practices Analyzer for Exchange Server 2013 Beta Now Availble!

The Office 365 Best Practices Analyzer for Exchange Server 2013 is now available! Download it here.

Josh's picture

Exchange 2013 RTM CU2 has been released, and RoleCalc has been updated!

Exchange 2013 RTM CU2 has been released!   Read about it here, download it here, or read the release notes here.

 

Pages

Subscribe to RSS - Exchange 2013