Last month I gave a talk at the SANS Threat Hunting and Incident Response Summit on Hunting Webshells on Microsoft Exchange Server. The SANS Institute has posted a video of that talk on YouTube, check it out here.
You can also view the slides from the talk here, and download the Invoke-ExchangeWebShellHunter script from GitHub here.
Josh M. Bryant is currently a Director of Technical Account Management at Tanium where he helps customers overcome the challenges of managing very large scale computing environments. Prior to joining Tanium, he was a Premier Field Engineer at Microsoft specializing in Microsoft Exchange Server, and then later a Cybersecurity Architect specializing in Compromise Recovery. Josh is also a Master Sergeant in the Illinois Air National Guard where he manages a team of Systems Administrators maintaining the weapons system for an Air Operations Center.