all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SOC175 EventID:125 — PowerShell Found in Requested URL — Possible CVE-2022–41082 Exploitation —…

Add to bookmarks
July 28, 2023, 6:41 p.m. | Enes Adışen

System Weakness - Medium systemweakness.com

SOC175 EventID:125 — PowerShell Found in Requested URL — Possible CVE-2022–41082 Exploitation — letsdefend.io

Before starting, you can see the data provided by the report alert below.

EventID                :125
Event Time             :Sep, 30, 2022, 07:19 AM
Rule                   :SOC175 - PowerShell Found in Requested URL - Possible CVE-2022-41082 Exploitation
Level                  :Security Analyst
Hostname               :Exchange Server 2
Destination IP Address :172.16.20.8
Log Source             :IIS
Source IP Address      :58.237.200.6
Request URL            :/@evil.com">autodiscover/autodiscover.json?@evil.com/owa/&Email=autodiscover/autodiscover.json%3f@evil.com&Protocol=XYZ&FooProtocol=Powershell
HTTP Method            :GET
User-Agent             :Mozilla/5.0 zgrab/0.x
Action                 :Blocked
Alert Trigger Reason …

alert blue team cve cve-2022-41082 data exchange exploitation letsdefendio powershell report security soc url

Visit resource

More from systemweakness.com / System Weakness - Medium

THM — Fortress 1 day, 14 hours ago | systemweakness.com
hacking penetration testing tryhackme tryhackme-walkthrough +1
Basic Password Checker in Python 2 days, 7 hours ago | systemweakness.com
basic coding cybersecurity demands +16
Bypassing Log.d() for Credential Extraction: A Frida Script Approach 2 days, 7 hours ago | systemweakness.com
android application applications bio +18
Legacy Writeup | SMB Remote Code Execution 2 days, 7 hours ago | systemweakness.com
capture-the-flag ethical hacking hackthebox penetration testing +1
TryHackMe Linux Process Analysis Write-Up 3 days, 14 hours ago | systemweakness.com
cybersecurity linux tryhackme tryhackme-walkthrough +1
Headless WriteUp: Cross-Site Scripting & SetUID privilege escalation 4 days, 6 hours ago | systemweakness.com
ctf ctf-writeup hackthebox hackthebox-writeup +1
WifineticTwo WriteUp | (‘Code Injection’) | HackTheBox [To Be Continue] 4 days, 6 hours ago | systemweakness.com
hackthebox hackthebox-writeup penetration testing security operations +1
Cybersecurity ROI: Quantifying the Value of Protection 6 days, 13 hours ago | systemweakness.com
age attacks breaches business +28
Authentication & How it works ? 6 days, 13 hours ago | systemweakness.com
access control address amp authentication +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com