2021 Exchange bug was still not patched by the target. I found this while reckoning their Exchange Server. It's a very simple, critical MS Exchange ProxyShell attack CVE-2021-34473. #BugBounty

#Microsoft #Exchange Servers are a crucial part of a companies environment. #Infosec has been talking about it a lot, especially since #ProxyShell and #ProxyNotShell. Still, as of right now, there are 77154 instances of #Exchange with #critical vulnerabilities out there.

Happy Friday... Working on some content regarding hunting ProxyShell and just regular Webshells in memory!

ProxyShell is still alive in the networks of giant players! 🫡 #ProxyShell #windows #ActiveDirectory #BugBounty

🔓Disponible el descifrador gratuito para la variante Tortilla del ransomware Babuk después de la detención de un miembro 📬 La variante Tortilla 🫓 fue muy explotada mediante ProxyShell, vulnerabilidad de Microsoft Exchange https://t.co/de1sV21GdQ

"A New Attack Surface on MS Exchange Part 1 - ProxyLogon!" "Part 2 - ProxyLogon" "Part 3 - ProxyShell" #infosec #pentest #redteam https://t.co/85J5MqVEAo https://t.co/5u9BPZ2WkO https://t.co/m5dcEQssGt

proxymaybeshell (proxyshell ssrf + proxynotshell伪造X-Rps-CAT token) part detailed exploitation and modifyed scripts is now added in my github Proxy-Attackchain, stiil worth a try to give to exchange server!😀🤣 https://t.co/QdWVQTYB7S

Log4Shell, ProxyShell still among most widely exploited flaws #Technology #ComputerWeekly https://t.co/hWkdWKrghf

🚨 #ProxyLogon and #ProxyShell Pose Ongoing Threats to #Government Mail Servers 🔍 Researchers found ongoing exploitation of these vulnerabilities in #MicrosoftExchange servers, targeting government entities in Asia, Europe, and South America to steal sensitive communications. 🔗

Cybersecurity Exposure Studies in 2022: Key Findings across: Tenable exposure 2022 Report: Top 4 vulnerabilities are: 1. Log4shell Apache Log4j 2. Follina, Microsoft Support Diagnostic Tool 3. Atlassian Confluence Server and Data Center 4. ProxyShell, Microsoft Exchange Server

I've worked over the weekend on a write-up on how to analyze ProxyShell in a memory dump. Write-up contains different .NET debugging techniques that is applicable to other Exchange CVEs as well, including two mem dumps of w3wp.exe - All WinDbg ofc ;-)

🔥 #APTs in 2025 still abuse ProxyShell, Log4Shell, & Fortinet flaws. ⚠️ Patch or become a breach headline. 📖 Full Q1 2025 findings: https://t.co/v6qjJX36cT #ThreatIntel #CyberAttack #StaySecure #APTs #CyberDefense #ZeroTrust #Cybersecurity #Kaspersky #Securelist #Linux

The BianLian group employs diverse infiltration tactics, ranging from the use of stolen credentials to exploiting vulnerabilities like ProxyShell. Learn more about such #cyberthreats in our latest #ThreatAdvisoryTuesday update:  https://t.co/PcculXF9zN

#threatreport #MediumCompleteness Uncovering .NET Malware Obfuscated by Encryption and Virtualization | 04-03-2025 Source: https://t.co/WEfP71jumt Key details below ↓ 🧑‍💻Actors/Campaigns: Kimsuky 💀Threats: Agent_tesla, Formbook, Xworm_rat, Proxyshell_vuln, Proxylogon_exploit,

proxylogon & proxyshell & proxyoracle & proxytoken & all exchange server vulns summarization :)

🚨New investigations reveal more info on the BianLian data extortion group. Threat actors are targeting public-facing applications of #Windows & #ESXi infrastructure, possibly leveraging ProxyShell exploit chain to gain initial access. Learn more 👉 https://t.co/xJcdPPjhiJ

My colleagues from PT ESC discovered a previously unknown keylogger for Microsoft Exchange OWA. ➡️ https://t.co/jEe4M9SRft #PositiveTechnologies #keylogger #Microsoft #Exchange #ProxyShell

Log4Shell, ProxyShell still among most widely exploited flaws

At the UK the #ICO revealed that the Electoral Commission was breached in August 2021 because it failed to #patch its on-premise #Microsoft Exchange Server against #ProxyShell #vulnerabilities. #CyberSecurity #infosec #cyberespionage https://t.co/0XdfHWBtLT