Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
eSentire has detected active exploit attempts for CVE-2017-7269 (IIS 6.0 Buffer Overflow Vulnerability). This exploit allows for remote code execution among affected devices. Currently, a proof-of-concept version of the exploit is publicly available to attackers that takes advantage of buffer overflow in the WebDAV component of IIS. Due to the publication of exploit code for this vulnerability, eSentire expects the frequency of exploit attempts may intensify in the coming days.
The WebDAV extension is disabled in a default install of IIS 6.0 and must be explicitly enabled in order for the server to be vulnerable. Exploitation attempts can be identified by looking for HTTP requests using the PROPFIND method and containing an IF header with shellcode in it. The vulnerability has not been detected in other versions of Internet Information Services. It was reportedly being exploited as far back as Summer 2016 but was only disclosed to the public on March 27, 2017.
Recommended Actions:
References: