Day 47 of Becoming a SOC Analyst — ProxyNotShell / CVE-2022-41082 Exploitation Attempt (True Positive)

External IP 58.237.200.6 — flagged 600+ times on AbuseIPDB — sent crafted autodiscover requests to an internal Exchange Server targeting CVE-2022-41082 (ProxyNotShell). The attacker embedded PowerShell indicators directly in the autodiscover URL attempting to access Exchange backend services via EWS and OWA paths. The zgrab user agent confirmed internet-wide scanning activity. All requests were blocked at the IIS layer before any backend PowerShell execution could occur.

Walked through the full triage: autodiscover endpoint analysis, URL deconstruction, threat intel enrichment via AbuseIPDB, MITRE mapping (T1190, T1059.001, T1046), and confirming true positive with no escalation required.

---

00:00 Day 47 intro
00:19 Alert Details
00:50 Investigation
04:47 Playbook Answers
06:40 5w Log
09:20 Result

---

SOC175 - PowerShell Found in Requested URL - Possible CVE-2022-41082 Exploitation

Scenario sourced from LetsDefend.io — one of the best hands-on SOC analyst training platforms out there. Highly recommend if you're on the same path.

I'm documenting every day of my journey to landing a Level 1 SOC Analyst role — the wins, the grinds, and everything in between.

🔵 What I Cover
Threat Detection · Alert Triage · SIEM Analysis · PCAP Review · Incident Response · Blue Team Tools

🚨 Open to Work — Seeking a Level 1 SOC Analyst role in Melbourne or Remote (AU)

📂 Portfolio → inksec.io
💼 LinkedIn → linkedin.com/in/tate-pannam-8b64b23a3

If you chose the red pill... 0x74617465.sh

#SOCAnalyst #BlueTeam #Cybersecurity #ProxyNotShell #CVE202241082 #ExchangeServer #IncidentResponse #SIEM #Day47 #CyberSecurityJourney #Melbourne #LetsDefend #LetsDefendSOC #PowerShell #ThreatHunting #ZeroDay
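The triage logic described above (autodiscover URL containing a PowerShell indicator, scanner user agent, blocked versus served) sketched as an added example; it is not code from the video or from LetsDefend. The log lines are constructed, the simplified W3C-style field order and the names `triage` and `decode_fully` are assumptions, and treating any 2xx/3xx status as "served" is an assumption to confirm against the real device action.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not from the video), assumed simplified W3C-style fields:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
SAMPLE_LOG = """\
2024-01-01 10:00:01 58.237.200.6 GET /autodiscover/autodiscover.json @example.invalid/powershell/ 403 Mozilla/5.0+zgrab/0.x
2024-01-01 10:00:02 58.237.200.6 GET /autodiscover/autodiscover.json @example.invalid/%50owerShell/ 403 Mozilla/5.0+zgrab/0.x
2024-01-01 10:00:03 10.0.0.15 POST /autodiscover/autodiscover.xml - 200 Microsoft+Office/16.0
2024-01-01 10:00:04 10.0.0.22 GET /owa/auth/logon.aspx url=https://mail.example.invalid/owa/ 200 Mozilla/5.0
2024-01-01 10:00:05 192.0.2.77 GET /Autodiscover/autodiscover.json @example.invalid/PowerShell/ 200 curl/8.0
"""

SCANNER_UA = re.compile(r"zgrab", re.I)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so %50owershell and double-encoding still match."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def triage(log_text):
    """One finding per request whose URL holds both 'autodiscover' and 'powershell'."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 8:
            continue  # skip W3C header lines and malformed rows
        _date, _time, src_ip, _method, stem, query, status, agent = parts[:8]
        url = decode_fully(stem + "?" + query)
        if "autodiscover" not in url or "powershell" not in url:
            continue
        served = status.startswith(("2", "3"))
        findings.append({
            "src_ip": src_ip,
            "status": int(status),
            "scanner_ua": bool(SCANNER_UA.search(agent)),
            # A served request means the block did not apply: escalate.
            "verdict": "escalate" if served else "blocked",
        })
    return findings
```

The third constructed hit (status 200, no scanner user agent) is the case that would change the outcome from "no escalation required" to an escalation.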