THREAT OPS › Threat News › Threat hunting case study: ToolShell
Threat hunting case study: ToolShell
In July 2025 threat actors exploited zero-day vulnerabilities in on-premises Microsoft SharePoint servers in an incident known as ToolShell. In this case study, we conduct a threat hunt for ToolShell-related activity.
MITRE ATT&CK techniques
Original source: https://www.intel471.com/blog/threat-hunting-case-study-toolshell