I published the following diary on isc.sans.org: “Webshell looking for interesting files“: Yesterday, I found on Pastebin a bunch of samples of a webshell that integrates an interesting feature: It provides a console mode that you can use to execute commands on the victim host. The look and feel of the
I published the following diary on isc.sans.org: “Another webshell, another backdoor!“. I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “cor0.id”. The best place to find webshells remind pastebin.com. When I’m testing a webshell, I copy it in a VM located
Tonight, I was invited by the OWASP Belgium Chapter (thank you again!) to present “something“. When I accepted the invitation, I did not really have an idea so I decided to compile the findings around my research about webshells. They are common tools used by bad guys: Once they compromized
I published the following diary on isc.sans.org: “When Bad Guys are Pwning Bad Guys…“. A few months ago, I wrote a diary about webshells and the numerous interesting features they offer. They’re plenty of web shells available, there are easy to find and install. They are usually delivered as one
I published the following diary on isc.sans.org: “Analysis of a Simple PHP Backdoor“. With the huge surface attack provided by CMS like Drupal or WordPress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells. A few days ago, a friend
I published the following diary on isc.sans.org: “The Power of Web Shells“. Web shells are not new in the threats landscape. A web shell is a script (written in PHP, ASL, Perl, … – depending on the available environment) that can be uploaded to a web server to enable remote administration.