Skip to content
  • Analysts
  • Contact Us
  • Services
  • Subscribe

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Analysts
  • Contact Us
  • Services
  • Subscribe
Monday, March 20, 2023

Category: ProxyShell

PHOSPHORUS Automates Initial Access Using ProxyShell
exploit Fast Reverse Proxy PHOSPHORUS ProxyShell

PHOSPHORUS Automates Initial Access Using ProxyShell

March 21, 2022

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks … Read More

Exchange Exploit Leads to Domain Wide Ransomware
exploit Fast Reverse Proxy PHOSPHORUS Plink ProxyShell ransomware

Exchange Exploit Leads to Domain Wide Ransomware

November 15, 2021

In late September, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case were … Read More

Tweets by TheDFIRReport

Copyright 2023 | The DFIR Report | All Rights Reserved