Case Study: Exchange Attack


This case study is focused on the Exchange Attacks of 2021. We'll look at how the attack was executed and derive lessons learned.

Email servers are the lifeline of a business. Control the email communication and you control the business.

This case was first discussed at BlackHa. Immediately afterwards attacks in the wild were reported.

The CVEs involved in this attack were not rated as critical until after the attacks began. This was a clever use of multiple lower-ranked weaknesses in combination to execute a full exploitation.

You'll receive a certificate of completion for .5hr CPE.