Webshell – WindowsTechs.com

Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

Posted on April 22, 2021 by Lior Rochberger

Recently, the Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange … Continue reading Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities→

Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

Posted on April 22, 2021 by Lior Rochberger

S3 Ep28.5: Hacking back – is attack an acceptable form of defence? [Podcast]

Posted on April 16, 2021 by Paul Ducklin

Listen now – and have your say on this divisive issue in our comments! Continue reading S3 Ep28.5: Hacking back – is attack an acceptable form of defence? [Podcast]→

FBI hacks into hundreds of infected US servers (and disinfects them)

Posted on April 14, 2021 by Paul Ducklin

Hacking for good! A judge said I could! Continue reading FBI hacks into hundreds of infected US servers (and disinfects them)→

PHP web language narrowly avoids “backdoor” supply chain attack

Posted on March 30, 2021 by Paul Ducklin

The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done. Continue reading PHP web language narrowly avoids “backdoor” supply chain attack→

Naked Security Live – HAFNIUM explained in plain English

Posted on March 15, 2021 by Paul Ducklin

Latest episode – watch now! Continue reading Naked Security Live – HAFNIUM explained in plain English→

Serious Security: Webshells explained in the aftermath of HAFNIUM attacks

Posted on March 9, 2021 by Paul Ducklin

Webshells explained, with some (safe) examples you can try at home if you want to learn more. Continue reading Serious Security: Webshells explained in the aftermath of HAFNIUM attacks→

[SANS ISC] Webshell looking for interesting files

Posted on April 18, 2018 by Xavier

I published the following diary on isc.sans.org: “Webshell looking for interesting files“: Yesterday, I found on Pastebin a bunch of samples of a webshell that integrates an interesting feature: It provides a console mode that you can use to execute commands on the victim host. The look and feel of the

[The post [SANS ISC] Webshell looking for interesting files has been first published on /dev/random]

Continue reading [SANS ISC] Webshell looking for interesting files→

[SANS ISC] Another webshell, another backdoor!

Posted on September 14, 2017 by Xavier

I published the following diary on isc.sans.org: “Another webshell, another backdoor!“. I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “cor0.id”. The best place to find webshells remind pastebin.com[1]. When I’m testing a webshell, I copy it in a VM located

[The post [SANS ISC] Another webshell, another backdoor! has been first published on /dev/random]

Continue reading [SANS ISC] Another webshell, another backdoor!→

[SANS ISC Diary] Analysis of a Simple PHP Backdoor

Posted on February 28, 2017 by Xavier

I published the following diary on isc.sans.org: “Analysis of a Simple PHP Backdoor“. With the huge surface attack provided by CMS like Drupal or WordPress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells. A few days ago, a friend

[The post [SANS ISC Diary] Analysis of a Simple PHP Backdoor has been first published on /dev/random]

Continue reading [SANS ISC Diary] Analysis of a Simple PHP Backdoor→