CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source

Associated Vulnerability

Title:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description:Microsoft Exchange Server Remote Code Execution Vulnerability

Description

Tool to search for IOCs related to HAFNIUM: CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065

Readme

![Copy of site photo temp (18)](https://user-images.githubusercontent.com/20119926/110186849-17c51080-7ddc-11eb-9ff8-c2901f56694b.png)
# ZIRCONIUM

ZIRCONIUM has been created to scan for Indicators of Compromise (IOCs) on Exchange Servers for signs of
Zero-Day exploits used by HAFNIUM. 

ZIRCONIUM will search for:
* CVE-2021-26855
* CVE-2021-26958
* CVE-2021-26857
* CVE-2021-27027065
* Suspicious .dmp Files
* .aspnet Files Found in inetpub and Exchange File Paths

## Usage

Download the lastest version of ZIRCONIUM: https://github.com/SpearTip-Cyber-Counterintelligence/Zirconium/releases/download/1.0/Zirconium.exe

Move the latest version of ZIRCONIUM to your desktop and double click the application to start.
ZIRCONIUM will begin to scan the system, outputting notification balloons to the bottom right-hand
corner of the screen.


Once ZIRCONIUM has completed its scan, you will find a .txt file on your desktop labeled "ZIRCONIUM-Info.txt"
that contains any information the application has found, including possible compromise, bad filepaths, etc.

File Snapshot


 [4.0K]  /data/pocs/8939022c2adad11c96f4ec9a52b27f901f8821ea
├── [1.0K]  LICENSE
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!