
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

Primary language: PowerShell. License: GNU General Public License v3.0 (GPL-3.0).

Exchange_IOC_Hunter

Description:

Hunt for IOCs in IIS Logs - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

Artefacts Supported:

  • C2 IP Addresses (used for scanning and exploitation)
  • File Names (observed in exploitation attempts)
  • Remote Code Execution (RCE)
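
The following is an added example, not code from Exchange_IOC_Hunter.ps1: it maps columns from the IIS `#Fields:` header and flags requests whose client IP or requested file name is on an indicator list. The function name `Find-IisIocHit`, the indicator values and the log lines are all constructed for illustration, and the RCE artefact type is not covered.

```powershell
# Added example, not the repository's script. Every indicator and log line
# below is a constructed placeholder (RFC 5737 addresses, made-up file names).
$IocIps   = @('203.0.113.10', '198.51.100.7')
$IocFiles = @('placeholder_a.aspx', 'placeholder_b.aspx')

# Constructed IIS W3C sample; a real run would read the u_ex*.log files.
$SampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-03 04:10:11 10.0.0.5 POST /ecp/default.aspx - 443 - 203.0.113.10 ExampleAgent/1.0 200
2021-03-03 04:12:40 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 192.0.2.44 Mozilla/5.0 200
2021-03-03 04:15:02 10.0.0.5 GET /aspnet_client/Placeholder_A.aspx - 443 - 192.0.2.99 ExampleAgent/1.0 200
'@ -split "`r?`n"

function Find-IisIocHit {
    param([string[]]$Line, [string[]]$Ips, [string[]]$Files)
    $fields = @()
    foreach ($l in $Line) {
        if ($l.StartsWith('#Fields:')) {
            # IIS field order is configurable, so map columns from the header.
            $fields = $l.Substring(8).Trim() -split ' '
            continue
        }
        if ($l.StartsWith('#') -or [string]::IsNullOrWhiteSpace($l) -or $fields.Count -eq 0) { continue }
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # skip truncated lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        $reasons = @()
        if ($Ips -contains $row['c-ip']) { $reasons += 'ioc-ip' }
        # Compare only the last path segment; -contains ignores case for strings.
        $leaf = ([string]$row['cs-uri-stem'] -split '/')[-1]
        if ($Files -contains $leaf) { $reasons += 'ioc-file' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Date = $row['date']; Time = $row['time']
                ClientIp = $row['c-ip']; Uri = $row['cs-uri-stem']
                Status = $row['sc-status']; Match = $reasons -join ','
            }
        }
    }
}

Find-IisIocHit -Line $SampleLog -Ips $IocIps -Files $IocFiles | Format-Table -AutoSize
```

A hit on either list is a lead for review, not proof of compromise: a listed address may only have scanned the server, so the status code and requested path of each hit still need to be read in context.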

Usage:

powershell .\Exchange_IOC_Hunter.ps1

Updates:

This repository will be updated with new IOCs as our security engagements evolve.