Skip to content

Fix The Exchange!

My Tech Blog, Reborn!
  • Home
  • About

Defending Active Directory Against Cyberattacks

November 22, 2019 Josh Bryant Leave a comment

Back in April of 2016, Zaid Arafeh, Clare Kearney, and I, recorded a 7 part series for the Microsoft Virtual…

Continue Reading →

Hunting Webshells: Tracking TwoFace

September 9, 2019 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital.…

Continue Reading →

The ABCs of Containment, Eradication, and Recovery

August 30, 2019 Josh Bryant Leave a comment

In the physical realm, a successful hunt ends with either a kill or a capture.  While some might enjoy the thrill…

Continue Reading →

Best of Both Worlds: Blending Tactics from the Public and Private Sectors

Josh Bryant Leave a comment

Public and private enterprises face the same threats, and yet often have different approaches to defense. What if you could…

Continue Reading →

The Hitchhiker’s Guide to Data Breaches

Josh Bryant Leave a comment

The results are in, you’ve been breached. It’s officially the worst day of your career. How will you handle what…

Continue Reading →

Reducing the Exchange and Active Directory Attack Surface

February 12, 2019 Josh Bryant Leave a comment

Three years ago I wrote a document titled “Removing Exchange’s ability to impact Tier 0 and Tier 1” that was…

Continue Reading →

Filed under: Active Directory, Cybersecurity, Exchange, Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019

FixTheExchange.com is 7 years old today!

August 31, 2018 Josh Bryant Leave a comment

How fitting that 7 years after I started this blog I would relaunch it on a new platform (more on…

Continue Reading →

Hunting Webshells on Microsoft Exchange Server

May 8, 2017 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you…

Continue Reading →

Filed under: Cybersecurity, Exchange 2013, Exchange 2016

Join me at the 2017 SANS Threat Hunting and Incident Response Summit – April 18th and 19th

December 13, 2016 Josh Bryant Leave a comment

I’ll be presenting a brand new session titled “Hunting Webshells on Microsoft Exchange Server” at the 2017 SANS Threat Hunting…

Continue Reading →

Filed under: Cybersecurity, DFIR, Exchange 2010, Exchange 2013, Exchange 2016

Exchange 2016 SP1 to run on Linux!

April 1, 2016 Josh Bryant Leave a comment

Ever since last month’s announcement that Microsoft SQL Server will be coming to Linux, quiet rumors have been floating around…

Continue Reading →

Filed under: April Fools, Exchange 2016

Post navigation

Page 1 of 8
1 2 … 8 Next →

Search

Twitter Feed

Follow @@FixTheExchange
Followers: 721
#CyberRonin #MetaHuman Paying Your Attention
Josh M. Bryant Retweeted · #CyberRonin #MetaHuman Paying Your Attention @bitsdigits
5 hours ago
@x0rz @k8em0 @RSnake One of the most critical. Looking back at the 10 or so companies where I played the role as CISO...none of them had a handle on

Asset Management
Patch Management
Inventory Control
Baseline standardization

Until of course your majesty came (I kinda joke)
View on Twitter
2
0
Katie Moussouris
Josh M. Bryant Retweeted · Katie Moussouris @k8em0
5 hours ago
@oracuk It’s not just asset management that’s better ROI done via in-house means, it’s basic vuln scanning as well. Lots of things are being punted and left to completely inefficient bug bounties that lack coverage guarantees and have confidentiality issues, with the platforms themselves
View on Twitter
2
0
Josh M. Bryant
Josh M. Bryant @FixTheExchange
1 day ago
"Don't be chilled by what you don't know, you ain't Cybersecurity."

So much awesome in this. https://t.co/EBkv9t1rmS
View on Twitter
0
1
Ned Pyle
Josh M. Bryant Retweeted · Ned Pyle @NerdPyle
1 day ago
Windows Server 2008 R2 support ends in 5 weeks
View on Twitter
332
0
Lee Christensen
Josh M. Bryant Retweeted · Lee Christensen @tifkin_
2 days ago
@JohnLaTwC @GossiTheDog While we're at it, might as block all all network-authenticated protocols (not just the SCM) using the Windows Firewall or User Right Assignments! (Allow/Deny access to this computer from the network, Allow/deny logon through Remote Desktop Services). https://t.co/3Znta5RAJM
View on Twitter
FixTheExchange photo
2
0
Josh M. Bryant
Josh M. Bryant @FixTheExchange
2 days ago
Nothing quite like hearing a Nurse with a Romanian accent say "I'm going to take your blood now."
🧛‍♀️
View on Twitter
0
4

RSS You had me at EHLO…

  • FAQs from Exchange and Outlook booths at 2019 Microsoft Ignite December 6, 2019
    During Microsoft Ignite 2019, we had a bunch of Microsoft employees and Exchange MVPs in the Exchange and Outlook booths on the show floor. We send them there to answer our customer’s questions. Unsurprisingly, when you get a lot of questions (and we got many), some of them come up more frequently than others. We […]
  • Significant update to "Exchange AD Deployment Site" post December 6, 2019
    One of more popular on-premises blog posts on our blog is a post called Exchange Active Directory Deployment Site. It deals with methodology for installation of new Exchange servers into live production environments, while having as little impact to existing users as possible. Seeing that the post has been so popular, I wanted to mention that […]
  • Upcoming change in the way migration batches for public folders are created December 4, 2019
    A new mandatory parameter, SourcePfPrimaryMailboxGuid, is being added to the New-MigrationBatch command for public folder migrations from Exchange 2013 (or later) on-premises to Exchange Online. Why are we making this change? Before this change, we relied on the on-premises server to find the primary public folder mailbox and route the Mailbox Replication Service (MRS) to […]
  • The case of constant OAB generation and full OAB downloads November 25, 2019
    Introduction The thing that prompted publishing of this blog post is a recent on-premises customer support case. We figured it is a good case study to help illustrate the OAB (Offline Address Book) generation process and how to troubleshoot it if a need arises. The situation was that Outlook users were always getting full download […]
  • Updated: Running PowerShell cmdlets for large numbers of users in Office 365 November 11, 2019
    Back in 2015 I developed a PowerShell script Start-RobustCloudCommand.ps1 to help Exchange Admins that were moving to Exchange Online and were used to running commands against large numbers of users at once.  The script has been a success with lots of positive feedback from customers who have used it to successfully run expensive operations against […]
  • Exchange Transport News from Microsoft Ignite 2019 November 7, 2019
    With the number of emails delivered daily worldwide forecast to grow 18% by 2023, the criticality of email for businesses remains as strong as ever! And the Microsoft Exchange Online Transport team loves nothing better than to continue to improve our email service and introduce new and useful email features that help make your organization […]
  • Facebook
  • Twitter
Privacy Policy
Copyright © 2019 Fix The Exchange!