CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Associated Vulnerability
Title: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description: Microsoft Exchange Server Remote Code Execution Vulnerability
Description
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
Readme
# Exchange_IOC_Hunter

#### Description:

Hunt for IOCs in IIS Logs - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

#### Artefacts Supported:

- C2 IP Addresses (used for scanning and exploitation)
- File Names (observed in exploitation attempts)
- Remote Code Execution (RCE)

#### Usage:

```
powershell .\Exchange_IOC_Hunter.ps1
```

#### Updates:

*This repository will be updated with new IOCs as our security engagements evolve.*
File Snapshot

```
[4.0K] /data/pocs/17481bb2cd635e6d2a421905b10295a5a7972158
├── [1.4K] 20210309_Exchange_Vuln_IOC.txt
├── [1.9K] 20210311_Exchange_Vuln_IOC.txt
├── [2.5K] 20210312_Exchange_Vuln_IOC.txt
├── [2.9K] 20210313_Exchange_Vuln_IOC.txt
├── [9.2K] Exchange_IOC_Hunter.ps1
├── [ 34K] LICENSE
└── [ 455] README.md

0 directories, 7 files
```