I published the following diary on isc.sans.org: “When Bad Guys are Pwning Bad Guys…“.
A few months ago, I wrote a diary about webshells and the numerous interesting features they offer. Theyâ€™re plenty of web shells available, there are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip’d) PHP file that can be simply dropped on a compromised computer. Some of them are looking nice and professional like the RC-Shell… [Read more]