Exchange 2016

Hunting Webshells on Microsoft Exchange Server

Last month I gave a talk at the SANS Threat Hunting and Incident Response Summit on Hunting Webshells on Microsoft Exchange Server. The SANS Institute has posted a video of that talk on YouTube; check it out here.
You can also view the slides from the talk here, and download the Invoke-ExchangeWebShellHunter script from GitHub here.

 

Join me at the 2017 SANS Threat Hunting and Incident Response Summit - April 18th and 19th

I'll be presenting a brand new session titled "Hunting Webshells on Microsoft Exchange Server" at the 2017 SANS Threat Hunting and Incident Response Summit in New Orleans on April 18th and 19th!

My session abstract:
"Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange Server, through real world examples. It’s easier than you might think, and these techniques can help up your DFIR game in environments containing Exchange Servers!"

Exchange 2016 SP1 to run on Linux!

Ever since last month's announcement that Microsoft SQL Server will be coming to Linux, quiet rumors have been floating around that some of Microsoft's other enterprise products, such as Exchange Server, may follow suit. With this week's announcement at the Build conference about the popular Linux shell "BASH" coming to Windows, I decided it was time to see what the Exchange team has planned for Linux, if anything. Today I caught up with a member of the Exchange team who wishes to remain anonymous to get the inside scoop on Exchange 2016 SP1 and support for installing it on Linux!

Exchange 2016 is here!

Exchange 2016 has been officially released! Read the official announcement here: http://aka.ms/msexchange2016

More to come soon.
