What to do if you were breached by Hafnium (Exchange breach)?

I meant to write this earlier, but I just didn’t have enough time, because of the research and many things I’m doing to remediate this mess inside my network. Microsoft breach has quickly became one of the ugliest events in recent IT history, on par with Solarwinds. Adversaries used unknown flaw in Microsoft Exchange for more than two months to exploit 10s of thousands of organizations around the world. Microsoft patched exploit on 02.March 2021 but not everyone became aware of the seriousness of the situation immediately, so many environments are still unprotected. After exploit became publicly known many new actors entered the game, and now many new threats are looming, ransomware being one of them. What should we do?

Read More
j j j

Microsoft Exchange March 2021 Breach – Hafnium –

Microsoft Exchange Hafnium breach is turning into one of the ugliest security incidents ever, really fast. Here I will try to explain my steps in the process, and what my stages of investigation were (so far). If you already know about problem, I will be happy to share some new info and also learn something new from you.

Updated 10 March 2021 – with new info about scripts and link to website check if you were breached (at the bottom of the post).

Updated 11 March 2021 – Looks like CompareExchangeHashes.ps1 script works ok now.

Updated 11 March 2021 – I see a lot of skepticism howt to proceed further with this – here I can offer my observations/opinions – https://www.informaticar.net/what-to-do-if-you-were-breached-by-hafnium-exchange-breach/

Read More
j j j

Server Basics 13: Create Print Server

We are on the good path to create fully functioning enterprise IT environment, and one of the services we will need is print. Although we are deep into digital era, printing and scanning are still services that are needed in almost every company.

Today, we are going to learn how to set print server for our company.

Read More
j j j