Plink – The DFIR Report

In this multi-day intrusion, we observed a threat actor gain initial access to an organization by exploiting a vulnerability in ManageEngine SupportCenter Plus. The threat actor, discovered files on the … Read More

APT35 exploit Fast Reverse Proxy Plink ProxyShell ransomware

Exchange Exploit Leads to Domain Wide Ransomware

November 15, 2021

Intro In late September, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case … Read More

Category: Plink

Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration

Exchange Exploit Leads to Domain Wide Ransomware