Glitch effect

Tradecraft Tuesday Episode 19 Exploiting CVEs and On-Prem Exchange Servers

With the news of the Exchange Server zero-day flaws being exploited by hackers, this month has already seen its fair share of excitement.

Glitch effectGlitch effect
Download Your Ebook
By submitting this form, you accept our Terms of Service & Privacy Policy


On-prem Exchange servers are still sitting in thousands of networks, still getting compromised, and still catching teams off guard. In this Tradecraft Tuesday episode, our experts walk through how attackers turn known CVEs into full unauthorized access and what you can do before they do damage.

What this episode covers

We break down the real-world tradecraft behind recent Exchange exploitation: how attackers find exposed servers, which vulnerabilities they reach for first, and how a single unpatched box becomes a foothold into everything else.

Key takeaways

  • Why on-prem and hybrid Exchange remains one of the most reliable targets that attackers have

  • How known CVEs get chained together once an attacker is inside

  • The early signals that show up before an Exchange compromise turns into a bigger incident

  • Practical steps to shrink your exposure this week, not next quarter

Why it still matters

Exchange exploitation is a textbook example of attackers using what you already run against you. Catching it early means watching for the odd behavior that follows a successful exploit, exactly what Managed EDR is built to surface, and the kind of living-off-the-land activity that hides in plain sight.

Watch the full episode above, then keep going with the rest of the Tradecraft Tuesday series.



[PH] Learn More About Phishing

[PH] Huntress delivers everything you want from a security tool, all designed with the unique needs of outsourced IT and security teams in mind.
[PH] Phishing attempts can show up as messages from your bank, your boss, your utility providers, or even the government. One click from one user can compromise an entire network and inadvertently let hackers deploy ransomware, steal information, or worse.
[PH] The median time it takes for a user to click a link and enter information is less than 60 seconds. With a turnaround time that quick, it's no wonder phishing is one of the preferred methods used by hackers. (2024 Verizon Data Breach Report)