PoC details: fbd37aaf2dc8b02a37b383db94afa287ca8c81bf

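Related vulnerability
Title: Microsoft Exchange Server code issue vulnerability (CVE-2021-26855)
Description: Microsoft Exchange Server is an e-mail server product from Microsoft (USA). It provides mail access, storage and forwarding, voice mail, mail filtering and related functions. Microsoft Exchange Server contains a security vulnerability. An attacker can craft a malicious HTTP request and authenticate via Exchange Server, then scan the internal network and obtain sensitive user information. The following products and versions are affected: Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange
Description
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
Introduction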
![](https://github.com/SCS-Labs/Images/raw/main/SCS%20-%20HAFNIUM.png)



- #### [Indicators](/indicators/README.md)
- #### [Timeline](Timeline.md)
- #### [Tool Detections](/tool-detections/README.md)
- #### [Post Exploitation](/post-exploitation/README.md)
- #### [Mitigations and Detections](/mitigations-and-detections/README.md)
- #### [Vendor Security Research](/vendor-security-research/README.md)
- #### [Government or Agency Security Research](/gov-sec-research/README.md)
- #### [Tweets](Tweets.md)
- #### [Cool Resources](/resources/README.md)


## To-Do Checklist

- [ ] Indicators 
- [X] Timeline
- [ ] Tool Detections
- [ ] Post Exploitation
- [ ] Mitigations and Detections
- [ ] Vendor Security Research
- [ ] Government or Agency Security Research
- [X] Tweets
- [ ] Cool Resources


# Contributing

If you want to contribute to this all-in-one resource for the HAFNIUM Microsoft Exchange 0-day, please open a pull request.
File snapshot

```
[4.0K] /data/pocs/fbd37aaf2dc8b02a37b383db94afa287ca8c81bf
├── [1.6K] CVE.md
├── [ 432] github-repos.md
├── [4.0K] gov-sec-research
│   ├── [ 0] CERT-Latvia.md
│   ├── [ 0] CISA.md
│   └── [ 67] README.md
├── [4.0K] indicators
│   ├── [ 522] hashes
│   ├── [ 212] ip-addresses
│   ├── [3.1K] README.md
│   ├── [ 933] useragents
│   ├── [ 189] webshell_names
│   └── [ 721] webshell_paths
├── [4.0K] mitigations-and-detections
│   └── [ 32] README.md
├── [4.0K] post-exploitation
│   └── [ 22] README.md
├── [ 945] README.md
├── [4.0K] resources
│   └── [ 716] README.md
├── [4.0K] Timeline.md
├── [4.0K] tool-detections
│   ├── [4.0K] Azure-Sentinel
│   │   ├── [ 217] Downloads of PowerCat
│   │   ├── [ 339] Exchange PowerShell Snapin being loaded
│   │   ├── [1.5K] HAFNIUMNewUMServiceChildProcess.yaml
│   │   ├── [1.4K] HAFNIUMSuspiciousExchangeRequestPattern.yaml
│   │   ├── [1.3K] HAFNIUMSuspiciousFileDownloads.yaml
│   │   ├── [1.2K] HAFNIUMSuspiciousIMServiceError.yaml
│   │   ├── [1.8K] HAFNIUMUmServiceSuspiciousFile.yaml
│   │   └── [ 181] Nishang Invoke-PowerShellTcpOneLine in Windows Event Logging
│   ├── [4.0K] Microsoft-Defender
│   │   ├── [ 153] Generic Microsoft Defender AV Queries
│   │   ├── [ 77] Microsoft Defender AV Queries
│   │   ├── [ 250] UMWorkerProcess.exe in Exchange creating abnormal content
│   │   └── [ 146] UMWorkerProcess.exe spawning
│   └── [ 209] README.md
├── [1.4K] Tweets.md
└── [4.0K] vendor-security-research
    ├── [ 865] Cisco-Talos.md
    ├── [ 13K] Fireeye.md
    ├── [ 0] Mandiant-Managed-Defense.md
    ├── [ 0] Nextron-Systems.md
    ├── [ 276] README.md
    ├── [ 0] Recon-Infosec.md
    ├── [ 20K] Red-Canary.md
    └── [ 18K] Volexity.md

9 directories, 38 files
```