What is a Transport Agent in Microsoft Exchange and how can it be exploited as a backdoor?

A Transport Agent is a .NET plugin for Exchange that extends transport behaviors, such as reading, modifying, or deleting emails as they pass through the server. Attackers can deploy a malicious Transport Agent—similar to the LightNeuron malware—to create a persistent backdoor that intercepts and manipulates all email traffic. This technique is part of a broader set of Exchange-focused penetration methods, as detailed in Penetration Techniques - Using Transport Agent as an Exchange Backdoor.