Anatomy of a Webshell presented at OWASPAppSecCalifornia 2014

by D0n Quixote,

Summary : WebShells are an often misunderstood and overlooked form of malware. Yet they continue to be a popular and powerful attacker tool. WebShells can range from extremely simple to elegant and complex. And they are often a favorite tool used by intruders to establish a long term, stealthy presence in a compromised network. Webshells fall into a few distinct categories, and most follow the same common concepts in their design and purpose.
This talk will outline the common parts of a WebShell, why they are designed the way they are, and their typical usage. After covering the internal workings of WebShells, we will cover ways to detect them - even when they are dormant, and not being actively used by the intruder.