The following video shows a compromise assessment with our free THOR Lite scanner on a Microsoft Exchange 2019 server detecting ProxyShell and ProxyToken exploitation.

We’ve done no post-editing in this video. You can jump to all findings using the video chapters. You’ll see log entries, web shells and a modified IIS server configuration as reported by HuntressLabs in various reports. We added some Synth-wave tracks to create the right atmosphere. Enjoy.

By the way, we compiled a blog article regarding compromise assessments of Exchange servers with THOR Lite to detect ProxyLogon exploitation with some recommendations that still apply. You can find that blog post here

GDPR Cookie Consent with Real Cookie Banner