Suspected ProxyToken Exploitation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Looks for activity that might indicate exploitation of the ProxyToken vulnerability - CVE-2021-33766 Ref: https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	141a3be6-be08-4519-9698-2fc908f6761c
Tactics	InitialAccess
Techniques	T1190
Required Connectors	AzureMonitor(IIS)
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/W3CIISLog/SuspectedProxyTokenExploitation.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries