Skip to content

Fix The Exchange!

My Tech Blog, Reborn!
  • Home
  • About

Hunting Webshells: Tracking TwoFace

September 9, 2019 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital.…

Continue Reading →

The ABCs of Containment, Eradication, and Recovery

August 30, 2019 Josh Bryant 1 Comment

In the physical realm, a successful hunt ends with either a kill or a capture.  While some might enjoy the thrill…

Continue Reading →

Best of Both Worlds: Blending Tactics from the Public and Private Sectors

Josh Bryant Leave a comment

Public and private enterprises face the same threats, and yet often have different approaches to defense. What if you could…

Continue Reading →

The Hitchhiker’s Guide to Data Breaches

Josh Bryant Leave a comment

The results are in, you’ve been breached. It’s officially the worst day of your career. How will you handle what…

Continue Reading →

Reducing the Exchange and Active Directory Attack Surface

February 12, 2019 Josh Bryant Leave a comment

Three years ago I wrote a document titled “Removing Exchange’s ability to impact Tier 0 and Tier 1” that was…

Continue Reading →

Filed under: Active Directory, Cybersecurity, Exchange, Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019

FixTheExchange.com is 7 years old today!

August 31, 2018 Josh Bryant Leave a comment

How fitting that 7 years after I started this blog I would relaunch it on a new platform (more on…

Continue Reading →

Hunting Webshells on Microsoft Exchange Server

May 8, 2017 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you…

Continue Reading →

Filed under: Cybersecurity, Exchange 2013, Exchange 2016

Join me at the 2017 SANS Threat Hunting and Incident Response Summit – April 18th and 19th

December 13, 2016 Josh Bryant Leave a comment

I’ll be presenting a brand new session titled “Hunting Webshells on Microsoft Exchange Server” at the 2017 SANS Threat Hunting…

Continue Reading →

Filed under: Cybersecurity, DFIR, Exchange 2010, Exchange 2013, Exchange 2016

Exchange 2016 SP1 to run on Linux!

April 1, 2016 Josh Bryant Leave a comment

Ever since last month’s announcement that Microsoft SQL Server will be coming to Linux, quiet rumors have been floating around…

Continue Reading →

Filed under: April Fools, Exchange 2016

Changing my focus in 2016.

January 5, 2016 Josh Bryant Leave a comment

I’ve always had two passions throughout my IT career, Messaging, and Security. I tend to change my focus from one…

Continue Reading →

Filed under: Security

Post navigation

Page 1 of 8
1 2 … 8 Next →

Search

Twitter Feed

Follow @@FixTheExchange
Followers: 716
Josh M. Bryant
In reply toJake Williams
17 hours ago
@MalwareJake New mile high coffee enimas obviously.
View on Twitter
0
1
Josh M. Bryant
Josh M. Bryant @FixTheExchange
23 hours ago
Former @Microsoft employees, now working for @Tanium, continue their tradition of giving, and raise $6,120, with a match by Tanium CEO Orion Hindawi, for a total of $12,240 donated to Ronald McDonald House Charities of Phoenix! https://t.co/KRFKD2u9jF
View on Twitter
FixTheExchange photo
2
2
Josh M. Bryant
In reply toJ B
1 day ago
@InfoSecZ @gentilkiwi I didn't, but the command line containing:
service::

is what triggered it.

Very common for tools to look for the command arguments that Mr. Delpy includes. Also fairly trivial to avoid those detections.
View on Twitter
0
1
Josh M. Bryant
In reply toJimArista
1 day ago
@AristaJim Nah, they tend to figure out their mom's PIN and switch over to her account to approve more time for themselves. 🤣
View on Twitter
0
1
Josh M. Bryant
In reply toJake Williams
1 day ago
@MalwareJake I don't usually have to worry about that. Don't know if I just look unapproachable, but this sort of thing rarely happens, and I'm fine with it. I prefer a quiet ride.

Wish I could work on slides while in transit, but looking at a screen too long in the car makes me nauseous.
View on Twitter
0
0
Josh M. Bryant
In reply to
1 day ago
Words matter. The words I chose during that ride brought excitement to my driver. Maybe I made a small positive impact on his life. Maybe someday I'll be sitting in the audience for his talk at conference, rather than him driving me from the airport for me to speak at one.
5/5
View on Twitter
0
9

RSS You had me at EHLO…

  • Changes to File Types Blocked in Outlook on the web September 25, 2019
    We will soon be adding several additional file extensions to the BlockedFileTypes property of existing OwaMailboxPolicy objects. This change will prevent Outlook on the web users from downloading attachments that have those file extensions. Why are we making this change? We’re always evaluating ways to improve security for our customers, and so we took the […]
  • Improving Security - Together September 20, 2019
    For many years, client apps have used Basic Authentication to connect to servers, services and endpoints. It is enabled by default on most servers and services and it’s super simple to set up. Basic Authentication simply means the application sends a username and password with every request (often stored or saved on the device). Simplicity […]
  • Exchange On-Premises Best Practices for Migrations from 2010 to 2016 September 18, 2019
    As many of you know from the previous blog post, Exchange 2010 End of Support Is Coming and the soon-to-be-a-classic sequel post Microsoft Extending End of Support for Exchange Server 2010 to October 13th, 2020 time is up for Exchange Server 2010 and you should plan to migrate to Office 365. We have had some requests for guidance on moving from on-premises Exchange 2010 to 2016. If you have […]
  • Released: September 2019 Quarterly Exchange Updates September 17, 2019
    Today we are announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates.  Release Details The KB articles that describe the fixes in each release and product downloads are available as follows: Exchange Server 2019 Cumulative […]
  • Microsoft Extending End of Support for Exchange Server 2010 to October 13th, 2020 September 16, 2019
    After investigating and analyzing the deployment state of an extensive number of Exchange customers we have decided to move the end of Extended Support for Exchange Server 2010 from January 14th 2020 to October 13th 2020. Our commitment to meeting the evolving needs of our customers is as strong as ever, and we recognize discontinuing […]
  • My user has a mailbox both on-premises and in Exchange Online. Help! September 11, 2019
    In support, we hear from people in this “duplicate mailbox” situation relatively often. When this happens, our customers ask us for the best way to recover. In my experience, there are typically two main scenarios under which accounts can get into this situation. Duplicate (new) mailbox in Exchange Online An Exchange Online license was applied […]
  • Facebook
  • Twitter
Privacy Policy
Copyright © 2019 Fix The Exchange!