What to do if you were breached by Hafnium (Exchange breach)?

I meant to write this earlier, but I just didn’t have enough time, because of the research and the many things I’m doing to remediate this mess inside my network. The Microsoft breach has quickly become one of the ugliest events in recent IT history, on par with SolarWinds. Adversaries used an unknown flaw in Microsoft Exchange for more than two months to exploit tens of thousands of organizations around the world. Microsoft patched the exploit on 2 March 2021, but not everyone became aware of the seriousness of the situation immediately, so many environments are still unprotected. After the exploit became publicly known, many new actors entered the game, and now many new threats are looming, ransomware being one of them. What should we do?


Microsoft Exchange March 2021 Breach – Hafnium –

The Microsoft Exchange Hafnium breach is turning into one of the ugliest security incidents ever, really fast. Here I will try to explain my steps in the process, and what my stages of investigation were (so far). If you already know about the problem, I will be happy to share some new info and also learn something new from you.

Updated 10 March 2021 – with new info about scripts and a link to a website to check whether you were breached (at the bottom of the post).

Updated 11 March 2021 – Looks like CompareExchangeHashes.ps1 script works ok now.

Updated 11 March 2021 – I see a lot of skepticism about how to proceed further with this – here I can offer my observations/opinions – https://www.informaticar.net/what-to-do-if-you-were-breached-by-hafnium-exchange-breach/


Setup Email Server on Ubuntu 20.04

In this guide we will try to set up an email server with Postfix (MTA), Dovecot (MDA) and Roundcube as the webmail server.

As someone who is coming from years of working with Microsoft Exchange, it was hard for me to find a good replacement for Exchange on Linux. I went through a lot of different combinations on Linux, and the one I’m going to write about today is one that I think is worth trying.
