by edward | Nov 27, 2023 | Exchange 2016, Exchange 2019, Hafnium, Kali Linux, ProxyLogon
Many of us know the HAFNIUM attacks that took place a little while ago and many Exchange servers were compromised. The sad part is that many Exchange Servers are still unpatched and vulnerable to attack, maybe not to the CVE’s listed below but to others as well....
by edward | Nov 26, 2023 | Exchange 2019, IISCrypto 3.3
A few years back I wrote a blog post for Exchange 2016 where we used IISCrypto to remove Protocols, Ciphers, Hashes, Key Exchanges etc. that posed a security risk externally if the servers were published to the internet however upon running a newer release it seemed...
by edward | Nov 22, 2023 | Exchange 2016, Active Directory, BurpSuite, Exchange 2013, Exchange 2019, Kali Linux
We all know that end users hate complex passwords and having to change passwords often leads them to use the same password but add a number or character at the end of it. Password complexity is just one of the problems. The next problem is information disclosure such...
by edward | Nov 21, 2023 | Exchange 2016, Exchange 2019, NMAP, NMAP Scripting Engine, NSE
Performing some tests against my lab Exchange servers, I noticed that Shodan.io revealed information. Take note that attackers also use Shodan.io when enumerating targets. After digging further with NMAP and some scripts, it became more apparent that internal...
by edward | Nov 12, 2023 | Exchange 2016, Exchange 2019
In the August 2023 Security update (SU) for Exchange Server 2016 and Exchange Server 2019, there was a work around that had to be put in place to remove the Token Cache Module in IIS to mitigate a vulnerability. Microsoft provided the script and you could apply it to...
