Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution ...
Dark Reading

Web Shells Gain Sophistication for Stealth, Persistence

Web shells, a common type of post-exploitation tool that provides easy-to-use interface through which to issue commands to a compromised server, have become increasingly popular as attackers become ...
ZDNet

Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors

Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective ...
Bleeping Computer

FBI nuked web shells from hacked Exchange Servers without telling owners

A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners. On March 2nd, Microsoft released a ...
Dark Reading

What You Need to Know -- or Remember -- About Web Shells

Malware known as China Chopper is behind the recent headline-making attacks against vulnerable Microsoft Exchange Servers worldwide. China Copper is a type of malicious software known as a Web shell, ...