Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data has been redacted or sanitized.
In our first blog post, “Mo’ Shells Mo’ Problems: Deep Panda Web Shells – Part 1”, we discussed two web shells leveraged by a Chinese threat group we call Deep Panda. In case you forgot, a web shell is a file containing backdoor functionality written in a web scripting language such as ASP, ASPX, PHP, JSP or CFM. When a web shell is hosted on an internet-facing victim system, an adversary can remotely access the system to perform malicious actions.
Today we’ll cover one of three ways to help hunt for web shells in your environment: file stacking. We often use this method…
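File stacking in practice means collecting a file inventory from every web server and counting how many hosts each file appears on: legitimate application files show up everywhere, while a dropped web shell shows up on one or two. The script below is an added example, not code from the CrowdStrike post; it assumes a constructed inventory of (host, path, hash) rows and stacks it two ways, by path (unfamiliar file names) and by path-plus-hash (a common name such as login.aspx whose content differs on one host).

```python
from collections import defaultdict

# Constructed inventory: (host, web-root path, hash prefix) per server.
# In a real hunt this is gathered from a file listing plus hashing on each web server.
INVENTORY = [
    ("web01", "/inetpub/wwwroot/default.aspx", "aaaa11"),
    ("web01", "/inetpub/wwwroot/login.aspx",   "bbbb22"),
    ("web01", "/inetpub/wwwroot/web.config",   "cccc33"),
    ("web02", "/inetpub/wwwroot/default.aspx", "aaaa11"),
    ("web02", "/inetpub/wwwroot/login.aspx",   "bbbb22"),
    ("web02", "/inetpub/wwwroot/web.config",   "cccc33"),
    ("web03", "/inetpub/wwwroot/default.aspx", "aaaa11"),
    ("web03", "/inetpub/wwwroot/login.aspx",   "dddd44"),       # same name, different content
    ("web03", "/inetpub/wwwroot/web.config",   "cccc33"),
    ("web03", "/inetpub/wwwroot/images/help.aspx", "eeee55"),   # name present on one host only
]

def stack(inventory, key):
    """Group rows by key(path, hash) and record the distinct hosts in each group."""
    hosts = defaultdict(set)
    for host, path, digest in inventory:
        hosts[key(path, digest)].add(host)
    return {k: sorted(v) for k, v in hosts.items()}

def rare(stacked, max_hosts=1):
    """Groups seen on at most max_hosts hosts: the bottom of the stack, worth a look."""
    return sorted((k, h) for k, h in stacked.items() if len(h) <= max_hosts)

def hunt(inventory, max_hosts=1):
    """Return (rare paths, rare path+hash pairs whose path is otherwise common)."""
    path_hosts = stack(inventory, lambda p, d: p)
    by_path = rare(path_hosts, max_hosts)
    by_content = rare(stack(inventory, lambda p, d: (p, d)), max_hosts)
    # Keep only pairs whose file name is widespread: a file that blends in by name
    # but whose content is unique to a host is the classic modified-page web shell.
    by_content = [(k, h) for k, h in by_content if len(path_hosts[k[0]]) > max_hosts]
    return by_path, by_content

if __name__ == "__main__":
    for label, hits in zip(("rare paths", "rare content"), hunt(INVENTORY)):
        print(label, hits)
```

Rare entries are leads, not verdicts: a one-off file may be a legitimate customization, so review the hit (content, timestamps, web logs) before calling it a web shell.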