Tradecraft Tuesday Episode 19 Exploiting CVEs and On-Prem Exchange Servers
With the news of the Exchange Server zero-day flaws being exploited by hackers, this month has already seen its fair share of excitement.
On-prem Exchange servers are still sitting in thousands of networks, still getting compromised, and still catching teams off guard. In this Tradecraft Tuesday episode, our experts walk through how attackers turn known CVEs into full unauthorized access and what you can do before they do damage.
What this episode covers
We break down the real-world tradecraft behind recent Exchange exploitation: how attackers find exposed servers, which vulnerabilities they reach for first, and how a single unpatched box becomes a foothold into everything else.
Key takeaways
Why on-prem and hybrid Exchange remains one of the most reliable targets that attackers have
How known CVEs get chained together once an attacker is inside
The early signals that show up before an Exchange compromise turns into a bigger incident
Practical steps to shrink your exposure this week, not next quarter
Why it still matters
Exchange exploitation is a textbook example of attackers using what you already run against you. Catching it early means watching for the odd behavior that follows a successful exploit, exactly what Managed EDR is built to surface, and the kind of living-off-the-land activity that hides in plain sight.
Watch the full episode above, then keep going with the rest of the Tradecraft Tuesday series.