36 matches found
FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…...
CVE-2023-36035
creationtimestamp| type| source ---|---|--- 2024-09-26 18:25:07+00:00| seen| https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor 2025-01-08 16:16:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/715 2025-04-30 00:12:48+00:00...
CVE-2023-36050
creationtimestamp| type| source ---|---|--- 2024-09-26 18:25:07+00:00| seen| https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
Microsoft Urges Customers to Secure On-Premises Exchange Servers
Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...
Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted...
New Exploit Method that Bypasses ProxyNotShell Mitigations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new exploit method has been found in the mitigations of the Microsoft Exchange vulnerability ProxyNotShell URL rewrite that allows for remote code execution RCE on compromised servers through Outlook W...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution RCE through Outlook Web Access OWA. "The new exploit method bypasses...
Rackspace confirms it suffered a ransomware attack
It's not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now...
Metasploit Weekly Wrap-Up
ProxyNotShell This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a...
Microsoft Exchange ProxyNotShell RCE
This module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend CVE-2022-41040, where a deserialization flaw can be leveraged to obtain code execution CVE-2022-41082. This exploit only suppor...
Microsoft Exchange ProxyNotShell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyNotShell RCE', 'Description' = %q This module chains two vulnerabilities on Microsoft Exchange Server that, when combined...
Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: The most importan...
Microsoft addressed ProxyNotShell with November Patch Tuesday
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addressed six zero-day vulnerabilities in this patch Tuesday, along with other significant vulnerabilities that could lead to Remote Code Execution, Information Disclosure, and Denial of...
The Bug Report October 2022 Edition
The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...
The Bug Report October 2022 Edition
The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...
Qualys Research Team: Threat Thursdays, October 2022
Welcome to the third edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our second edition, Qualys Threat Research Thursday, is mor...