OWASP AppSec DC 2012/Old Webshells New Tricks How Persistent Threats haverevived an old idea and how you can detect them

Revision as of 15:45, 2 March 2012 by Mark.bristow (talk | contribs) (Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightWeb shells _ malicious scripts that provide an a...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Owasp logo normal.jpg
Web shells _ malicious scripts that provide an attacker with the ability to upload files, execute commands, conduct reconnaissance, and perform other command-and-control activities on a compromised web server _ are nothing new. Theyve been in the wild ever since the first web server and application exploits reared their ugly heads over a decade ago. Modern application security and server hardening processes have rendered them all but obsolete tools for desperate script-kiddies, right? Wrong. In this presentation we will discuss how web-based backdoors continue to be leveraged by sophisticated, targeted attackers and the challenges that they pose to forensic analysts conducting large-scale investigations. In particular, we will focus on the usage of web shells as a post-exploitation mechanism for maintaining persistence in an environment _ a backup method of remote access _ rather than a tool utilized in the initial entry vector. We will focus on the forensic artifacts that usage of such malware leaves behind on the host and on the network, and discuss techniques for rapidly identifying unknown web-based malware across servers.

The Speakers

Ryan Kazanciyan

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg