Fast Reverse Proxy – The DFIR Report

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks … Read More

APT35 exploit Fast Reverse Proxy Plink ProxyShell ransomware

Exchange Exploit Leads to Domain Wide Ransomware

November 15, 2021

Intro In late September, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case … Read More

Category: Fast Reverse Proxy

APT35 Automates Initial Access Using ProxyShell

Exchange Exploit Leads to Domain Wide Ransomware