DFIR

Given the amount of information going around about the recent vulnerabilities in Microsoft Exchange Server, I wanted to provide a technical write-up with a collection of the information I've been recommending to people individually. Hopefully, this acts as a single location to get technical information about protecting against and detecting attacks against the recent vulnerabilities in Microsoft Exchange (aka ProxyLogon). I'll also attempt to keep this page updated as I find more useful/retentive information.

What are the Vulnerabilities?

There are seven vulnerabilities in total that were patched on the 2nd of March 2021 as part of an out-of-cycle…

Recently I went looking for some reference content on ZIP files and how timestamps behave in a ZIP, along with what I could determine about files within a ZIP. Sadly, I came up empty, either due to there being very little available online or just my impatience. So I thought I'd spend some time writing up some research I did for the next person who is looking for reference content. Essentially, I wanted to know how timestamps behave when it comes to ZIP files, whether any timestamps stay the same, and what timestamps are lost when you archive a…