Web Shell
Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to access the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server.(Citation: volexity_0day_sophos_FW) In addition to a server-side script, a Web shell may have a client interface program that i...
PROCEDURES (33)
Auto-extracted: 7 detections for general monitoring
Auto-extracted: 5 detections for suspicious
Auto-extracted: 4 detections for process creation monitoring
Auto-extracted: 3 detections for suspicious
Auto-extracted: 3 detections for privilege
Auto-extracted: 3 detections for unusual
Auto-extracted: 2 detections for http
Auto-extracted: 2 detections for service
Auto-extracted: 2 detections for http
Auto-extracted: 2 detections for exfiltrat
Auto-extracted: 2 detections for suspicious
Auto-extracted: 1 detection for email
Auto-extracted: 1 detection for unusual
Auto-extracted: 1 detection for suspicious
Auto-extracted: 1 detection for inject
Auto-extracted: 1 detection for remote
Auto-extracted: 1 detection for credential
Auto-extracted: 1 detection for credential
Auto-extracted: 1 detection for lateral
Auto-extracted: 1 detection for remote
Auto-extracted: 1 detection for powershell
Auto-extracted: 1 detection for script execution monitoring
Auto-extracted: 1 detection for powershell
Auto-extracted: 1 detection for privilege
Auto-extracted: 1 detection for lateral
Auto-extracted: 1 detection for http
Auto-extracted: 1 detection for email
Auto-extracted: 1 detection for service
Auto-extracted: 1 detection for file monitoring
Auto-extracted: 1 detection for remote
Auto-extracted: 1 detection for network connection monitoring
Auto-extracted: 1 detection for child process
Auto-extracted: 1 detection for child process