I published the following diary on isc.sans.org: “The Power of Web Shells“.
Web shells are not new in the threats landscape. A web shell is a script (written in PHP, ASL, Perl, … – depending on the available environment) that can be uploaded to a web server to enable remote administration. If web shells are usually installed for good purposes, many of them are installed on compromised servers. Once in place, the web shell will allow a complete takeover of the victim’s server but it can also be used to pivot and attack internal systems… [Read more]
RT @xme: [/dev/random] [SANS ISC Diary] The Power of Web Shells https://t.co/zrHhIodBvp
RT @xme: [/dev/random] [SANS ISC Diary] The Power of Web Shells https://t.co/zrHhIodBvp