Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Microsoft Security Intelligence on Twitter: "Microsoft Security Threat Intelligence teams have published additional analysis on observed exploitation of Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 with security product mitigations and detections to help protect against further attacks https://t.co/5jcROyyBEz" / Twitter
https://twitter.com/MsftSecIntel/status/1576065620067631105
The Thorny Problem of Keeping the Internet’s Time | The New Yorker
https://www.newyorker.com/tech/annals-of-technology/the-thorny-problem-of-keeping-the-internets-time
EOMTv2 - Microsoft - CSS-Exchange
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
H4CK1NG G00GL3
http://H4CK1NG.GOOGLE
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - Microsoft Security Blog
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
https://thehackernews.com/2022/10/state-sponsored-hackers-likely.html
Kevin Beaumont on Twitter: "Praise the lord! 2 hours 50 minutes later, one Exchange server in the cluster is patched. "Just patch", as InfoSec people say. https://t.co/jjCdwzJ0Gd" / Twitter
https://twitter.com/gossithedog/status/1575909146897285120
sigma/file_event_win_exchange_webshell_drop.yml at master · SigmaHQ/sigma · GitHub
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop.yml
Skidaddle Skideldi - I just pwnd your PKI – LuemmelSec – Just an admin on someone else´s computer
https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
EP001: Threat Analysis Group | HACKING GOOGLE - YouTube
https://www.youtube.com/watch?v=N7N4EC20-cM
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/
Unmasking WindTape - Speaker Deck
https://speakerdeck.com/patrickwardle/unmasking-windtape
Tim Newsham on Twitter: "@richinseattle @4Dgifts @killahertz_ https://t.co/UfChmO6Oww" / Twitter
https://twitter.com/newshamtim/status/1575998316361359361
sigma/proc_creation_win_webshell_chopper.yml at master · SigmaHQ/sigma · GitHub
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_webshell_chopper.yml