I published the following diary on isc.sans.edu: “Basic Obfuscation With Permissive Languages”: For attackers, obfuscation is key to keep their malicious code below the radar. Code is obfuscated for two main reasons: defeat automatic detection by AV solutions or tools like YARA (which still rely mainly on signatures) and make the code
I published the following diary on isc.sans.org: “Webshell looking for interesting files“: Yesterday, I found on Pastebin a bunch of samples of a webshell that integrates an interesting feature: It provides a console mode that you can use to execute commands on the victim host. The look and feel of the
I published the following diary on isc.sans.org: “Another webshell, another backdoor!“. I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “cor0.idâ€. The best place to find webshells remind pastebin.com[1]. When I’m testing a webshell, I copy it in a VM located
