Whatchu looking for (starring SolarWinds Serv-U - CVE-2024-28995)
ID: 549e3f12-a4e2-5ac4-945f-02ea89bc5dc3
STIX ID: report--549e3f12-a4e2-5ac4-945f-02ea89bc5dc3
Feed Name: GreyNoise Labs
This report examines internet-wide scanning and exploitation attempts against a SolarWinds Serv-U path-traversal vulnerability (CVE-2024-28995). Using honeypot-captured traffic, the author documents payload normalization, timelines of observed requests, and the frequency of targeted files, and groups those requests by purpose (scanners, credential theft, web/db configs, broken tooling). Key findings show heavy scanning using public proofs-of-concept plus non-trivial attempts to retrieve sensitive files (Windows unattended/sysprep XMLs, registry hives, cloud credential files), while evidence of large-scale successful exfiltration is limited.
