[SANS ISC] Another webshell, another backdoor!

I published the following diary on “Another webshell, another backdoor!“.

I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “”. The best place to find webshells remind[1]. When I’m testing a webshell, I copy it in a VM located on a “wild Internet” VLAN in my home lab with, amongst other controls, full packet capture enabled. This way, I can spot immediately is the VM is trying to “phone home” to some external hosts. This was the case this time! [Read more]


One comment

Leave a Reply

Your email address will not be published. Required fields are marked *