I published the following diary on isc.sans.org: “When Bad Guys are Pwning Bad Guys…”.
A few months ago, I wrote a diary about web shells and the numerous interesting features they offer. There are plenty of web shells available, and they are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip’d) PHP file that can simply be dropped on a compromised computer. Some of them look nice and professional, like the RC-Shell…