July 28, 2023, 6:41 p.m. | Enes Adışen
System Weakness - Medium systemweakness.com
SOC175 EventID:125 — PowerShell Found in Requested URL — Possible CVE-2022-41082 Exploitation — letsdefend.io
Before starting, review the data provided with the alert below.
EventID: 125
Event Time: Sep, 30, 2022, 07:19 AM
Rule: SOC175 - PowerShell Found in Requested URL - Possible CVE-2022-41082 Exploitation
Level: Security Analyst
Hostname: Exchange Server 2
Destination IP Address: 172.16.20.8
Log Source: IIS
Source IP Address: 58.237.200.6
Request URL: /autodiscover/autodiscover.json?@evil.com/owa/&Email=autodiscover/autodiscover.json%3f@evil.com&Protocol=XYZ&FooProtocol=Powershell
HTTP Method: GET
User-Agent: Mozilla/5.0 zgrab/0.x
Action: Blocked
Alert Trigger Reason …
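The alert fields above can be checked programmatically before working the case. The following is an added example, not code from the original write-up or from LetsDefend; the indicator strings, the scanner name list and the function names are assumptions chosen for illustration, and the sample record is constructed from the fields shown above.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample: the alert fields shown above, one "Field: value" per line.
ALERT = """\
Hostname: Exchange Server 2
Destination IP Address: 172.16.20.8
Source IP Address: 58.237.200.6
Request URL: /autodiscover/autodiscover.json?@evil.com/owa/&Email=autodiscover/autodiscover.json%3f@evil.com&Protocol=XYZ&FooProtocol=Powershell
HTTP Method: GET
User-Agent: Mozilla/5.0 zgrab/0.x
Action: Blocked
"""

def parse_alert(text):
    """Split each line at its first colon into a field name and a value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_url(url, rounds=3):
    """Percent-decode repeatedly so %3f and double-encoded %253f both resolve."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def triage(fields):
    """Return the answers an analyst needs first for one alert record."""
    url = decode_url(fields.get("Request URL", "")).lower()
    agent = fields.get("User-Agent", "")
    src = ipaddress.ip_address(fields["Source IP Address"])
    dst = ipaddress.ip_address(fields["Destination IP Address"])
    return {
        # Assumed indicator: both strings present in the decoded, lowercased URL.
        "url_indicator": "autodiscover.json" in url and "powershell" in url,
        "inbound_from_internet": src.is_global and dst.is_private,
        # Assumed list of scanner names; zgrab is the one seen in this alert.
        "scanner_user_agent": bool(re.search(r"zgrab|nmap|masscan", agent, re.I)),
        "blocked": fields.get("Action", "").lower() == "blocked",
    }
```

Decoding before matching matters here because the `Email` parameter carries `%3f` rather than a literal `?`, so a check on the raw string sees a different URL than the server does.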