Topic: ProxyShell vulnerability and its impact on the Microsoft Exchange server.

Topic: ProxyShell vulnerability and its impact on the Microsoft Exchange server.
The vulnerabilities include CVE-2021-34473, a remote code execution bug; CVE-2021-34523, an elevation of privilege bug; and CVE-2021-31207, a security bypass flaw.
This chain of vulnerabilities exists in unpatched on-premises editions of Microsoft Exchange Server only and is being actively exploited on those servers accessible on the Internet. Our aim is to show the importance of patching to IT team of the organization. Why the continuous PT/VA it will help to identify the Vulnerabilities.
The objective of this project is to test existing methods for Penetration Testing on Un-Patched systems and characterize security threats.
A PoC would be demonstrating existing methods and techniques available.
Project instructions
1. The research SHOULD include figures of processes, methodologies, and investigation applications. It should be from 3000 to 3500 words maximum.
The references should not be less than 12.
2. The research SHOULD be in IEEE formatting with the proper styles.
3. The paper is between 6 pages and 8 pages (single-spaced lines, font size <=11). 4. Kindly update us about your progress frequently, this will help us to review the work and see the way forward. 5. The practical part was done “ImagingSteps.docx”, please ensure that the research is around that. Also, make sure to include screenshots were applicable in the research. The experimental Procedures section in the research will include the practical part “ImagingSteps.docx” that. Also, makes sure to include screenshots that were applicable in the research. Experimental Procedures section in the research will include the practical part “ImagingSteps.docx” Project Sections Abstract A brief summary of the detailed research project, please add keywords that are important terms not known to common readers. Introduction 1. Define what is Pentesting 2. Importance of Penetration testing 3. Discuss the difference between Vulnerability Analysis and Pentesting. 4. What is Patching 5. Importance of Patching 6. Challenges associated with Patching 7. Proposed solution/technology to the “Challenges associated with Patching”. 8. Giving examples of attacks that target Mail Exchange servers (mention ProxyShell attack as one type of attack and give several). Literature Review 1. Describe the most relevant prior work and their key insights. 2. Critically analyzing existing literature in investigation focusing on ProxyShell. 3. Discuss the pros and cons of each methods found. Experimental procedures (https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell) Please use this resource as a reference to our steps to enrich this Experimental Procedures 1. Detailed description of what we are trying to accomplish. 2. Explore the different types of exploits. 3. Specify tools you will be using in the attack regarding ProxyShell. 4. Explain the proper procedures which are done in ProxyShell attack. 5. Conclude our finding Conclusion and Future Work 1. Explain how Patching can make Servers more secure. 2. Mention how Patching Technology has advanced and takes less time and cover more machines. 3. Summarize the key aspects of the research. 4. Imply potential future work. 5. Opinion on the research carried out References References will be taken based on the found readings. Please provide 12 or more references no less.