您的位置: 首页  >  文章  >  WebShell and Threat Intelligence

WebShell and Threat Intelligence

分类: 文章 2024-06-16 17:14:28

WebShell and Threat Intelligence

Good image, hope it could be useful for u.

And then, four points you need to pay a little attention:

  1. Traffic monitor

    • ”CaiDao” ‘s payload are all in request body.
    • “Weevely“‘s payload are all in cookie and spreate to make up again.

  2. File moitor

    • Always include system method
    • Encrypt is very common

  3. Attack origin

    • Tor network , proxy server is the common attack origin.
    • Night is the high frequency time
    • Someone do batch scan at night, unexpectedly it work.

  4. Attack method

    • Web leak and config issue occupy more.
    • One sentence Webshell and rebound shell occupy more.

Finally :

Created with Raphaël 2.1.0Threat IntelligenceThreat IntelligenceWebshell MonitorWebshell MonitorDefender websiteDefender websiteSirpSirpAttacker featurewebshell feature.Analyze system leakEmergency measuresCommunity dataLeak database

相关推荐