Showing posts from 2020

Web shell hunting: Meet the web shell analyzer

In continuation of my prior work on web shells (Medium/Blog), I wanted to take my work a step further and introduce a new tool that goes beyond my legacy webshell-scan tool. The “webshell-scan” tool was written in GoLang and provided threat hunters and analysts alike with the ability to quickly scan a target system for web shells in a cross platform fashion. That said, I found it was lacking in many other areas. Allow me to elaborate below…

Requirements of web shell analysis

In order to perform proper web shell analysis, we need to define some of the key requirements that a web shell analyzer would need to include. This isn’t a definitive list but more of a guide on key requirements based on my experience working on the front lines:

Static executable: Tooling must include all dependencies when being deployed. This ensures the execution is consistent and expected.

Simple and easy to use: A tool must be simple and straightforward to deploy and execute. Nothing is more frustrating than tryi…