Skip to content

Fix The Exchange!

My Tech Blog, Reborn!
  • Home
  • About

Defending Active Directory Against Cyberattacks

November 22, 2019 Josh Bryant Leave a comment

Back in April of 2016, Zaid Arafeh, Clare Kearney, and I, recorded a 7 part series for the Microsoft Virtual…

Continue Reading →

Hunting Webshells: Tracking TwoFace

September 9, 2019 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital.…

Continue Reading →

The ABCs of Containment, Eradication, and Recovery

August 30, 2019 Josh Bryant Leave a comment

In the physical realm, a successful hunt ends with either a kill or a capture.  While some might enjoy the thrill…

Continue Reading →

Best of Both Worlds: Blending Tactics from the Public and Private Sectors

Josh Bryant Leave a comment

Public and private enterprises face the same threats, and yet often have different approaches to defense. What if you could…

Continue Reading →

The Hitchhiker’s Guide to Data Breaches

Josh Bryant Leave a comment

The results are in, you’ve been breached. It’s officially the worst day of your career. How will you handle what…

Continue Reading →

Reducing the Exchange and Active Directory Attack Surface

February 12, 2019 Josh Bryant Leave a comment

Three years ago I wrote a document titled “Removing Exchange’s ability to impact Tier 0 and Tier 1” that was…

Continue Reading →

Filed under: Active Directory, Cybersecurity, Exchange, Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019

FixTheExchange.com is 7 years old today!

August 31, 2018 Josh Bryant Leave a comment

How fitting that 7 years after I started this blog I would relaunch it on a new platform (more on…

Continue Reading →

Hunting Webshells on Microsoft Exchange Server

May 8, 2017 Josh Bryant Leave a comment

Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you…

Continue Reading →

Filed under: Cybersecurity, Exchange 2013, Exchange 2016

Join me at the 2017 SANS Threat Hunting and Incident Response Summit – April 18th and 19th

December 13, 2016 Josh Bryant Leave a comment

I’ll be presenting a brand new session titled “Hunting Webshells on Microsoft Exchange Server” at the 2017 SANS Threat Hunting…

Continue Reading →

Filed under: Cybersecurity, DFIR, Exchange 2010, Exchange 2013, Exchange 2016

Exchange 2016 SP1 to run on Linux!

April 1, 2016 Josh Bryant Leave a comment

Ever since last month’s announcement that Microsoft SQL Server will be coming to Linux, quiet rumors have been floating around…

Continue Reading →

Filed under: April Fools, Exchange 2016

Post navigation

Page 1 of 8
1 2 … 8 Next →

Search

Twitter Feed

Follow @@FixTheExchange
Followers: 781
Josh M. Bryant
In reply toCarl Cadaver⬡us
10 hours ago
@cillic Seems like I get an automated call almost every day about a new confirmed case at the Elementary school.
Latest one was followed by a contact tracing call telling my wife to Quarantine. (She works at the school) 😷
View on Twitter
0
2
Catalin Cimpanu
Josh M. Bryant Retweeted · Catalin Cimpanu @campuscodi
2 days ago
Gateway2Hell – Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In

POC included

https://t.co/eSxV9FBX40 https://t.co/LoZhnPZWbO
View on Twitter
FixTheExchange photo
38
0
Josh M. Bryant
Josh M. Bryant @FixTheExchange
2 days ago
Me:
I found a lateral movement path to a system that controls robotic warehouse picker.

Coworker:
So you can laterally move to it, then use it to literally move laterally?

Me:
🤣
View on Twitter
0
4
Josh M. Bryant
Josh M. Bryant @FixTheExchange
2 days ago
R.I.P Matt Cole
I had the honor of working with him at both @Microsoft and @Tanium. Just barely missed working together in the @usairforce too.
He was a great man and will be greatly missed. My condolences to his family on their sudden unexpected loss.
https://t.co/ywOxUepkLw
View on Twitter
0
1
Josh M. Bryant
Josh M. Bryant @FixTheExchange
3 days ago
Did you know people have done silly things like store the password for an account in clear text on either the "description" or "info" (aka "Notes") attributes in AD?

I often see this on high value service accounts. These attributes can be read by any user/computer by default.
View on Twitter
0
1
Josh M. Bryant
In reply toKatie Nickels
3 days ago
@likethecoins @CISAKrebs @CISAgov A plausible claim of tampering reduces confidence, even if it's later proven false. That's what keeps me up. 😬
View on Twitter
0
0

RSS You had me at EHLO…

  • Hybrid Agent and Root Certificate Changes October 23, 2020
    You may have already seen this message from the Azure team, but given this impacts customers who use the Exchange Hybrid Agent, we just wanted to make sure those following this blog also were aware of this news. Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities […]
    The_Exchange_Team
  • Troubleshooting Slow Migrations October 19, 2020
    Here is your next installment in the troubleshooting hybrid migrations blog series! See: Exchange Hybrid Migrations: More Than Just a Pretty Face (Part 1) Digging Into Hybrid Migration Move Report Data (Part 2) Troubleshooting Failed Migrations (Part 3) Troubleshooting Slow Migrations (Part 4 - you are here) What to do if a migration is Completed […]
    The_Exchange_Team
  • Troubleshooting auth issues in Outlook if you are Azure joining non-persistent Virtual Desktop Infra October 16, 2020
    Virtual desktop infrastructure (VDI) is defined as the hosting of desktop environments on a central server. It is a form of desktop virtualization, as the specific desktop images run within virtual machines (VMs) and are delivered to end clients over a network. Those endpoints can be various devices including PC and tablets. There are many […]
    The_Exchange_Team
  • Modern Authentication Support comes to Microsoft Remote Connectivity Analyzer October 7, 2020
    Since December last year, we've been making a lot of investment into the Microsoft Remote Connectivity Analyzer site. If you've used the website in the past couple of months, you probably saw the website has had a face lift with a modern UI for all pages as well as that we added the ability to […]
    The_Exchange_Team
  • Troubleshooting Failed Migrations October 5, 2020
    This blog post is a part of a 5 post series consisting of: Exchange Hybrid Migrations: More Than Just a Pretty Face (Part 1) Digging Into Hybrid Migration Move Report Data (Part 2) Troubleshooting Failed Migrations (Part 3 - you are here) Troubleshooting Slow Migrations (Part 4) What to do if a migration is Completed […]
    The_Exchange_Team
  • Exchange News and Announcements – Microsoft Ignite 2020 Edition September 22, 2020
    Today we are announcing that the next versions of Exchange Server, SharePoint Server, Skype for Business Server and Project Server will be available in the second half of 2021, and are only available with the purchase of a subscription license. Subscription entitles access to support, product updates, security and time zone patches. Microsoft Office will […]
    The_Exchange_Team
  • Facebook
  • Twitter
Privacy Policy
Copyright © 2020 Fix The Exchange!