Fortinet, ProxyShell 2 (or 3?), Cybersecurity Awareness Month
UNSECURITY: Information Security Podcast
00:00
Is There a China Chopper Web Show?
The main thing for the hunt, what you want to look for at high level is this is they're typically dropping a China chopper web show. And so you can hunt for web pages created on your exchange server that shouldn't be there. Typically, ASP or ASP X files is what they're going to be deploying those China choppers as. So I would just do a good review of my web server looking at time lining and try to time on that server for any file access creation or birth events.
Play episode from 16:00
Transcript
