Detecting Webshell Backdoors on your Webservers Strings Indicators

Here are some strings pulled from mostly headers and other key pieces of the webshells for detection. You can search your network for these strings or make simple rules to match these patterns to find webshells on your network. //Starting calls if (!function_exists(“getmicrotime”)) {function getmicrotime() {list($usec, $sec) = explode(” “, microtime()); return ((float)$usec + (float)$sec);}} .. $shver = “1.0 … Read more

The FIREBALL PUP, PUA, Adware or Malware Outbreak? Or just a successful Adware Campaign?

FIREBALL Adware or Malware? The malware, called Fireball, acts as a browser-hijacker but and can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.Fireball is spread mostly via bundling i.e. installed on … Read more

Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs

Ransomware is nothing new, since 2012 it has been wreaking havoc on the world. The TTPs for delivering and infecting victims has changed over the years but the end goal remains the same, give me your money or you’ll never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more

Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide – Network Pivoting – PART 7

Network Pivoting using SSH tunneling and forwarding: Is Microsoft Network Monitor was installed? If so, depending on which version, you may have to run netmon, netcap, or nmcap, each of which has slightly different features and syntax. For example, if Network Monitor 3 is installed running, you could execute the following command at a shell prompt: C:\> NMCap … Read more

Cheat Sheet How to pass the OSCP Offensive Security Certified Professional Exam Step-by-Step Guide- Directory/Service Brute Forcing – PART 3

Directory Brute Forcing and Service Brute Forcing The OSCP exam will almost certainly have a service that you can brute force a local or admin account on, there will also be webservers that will have unlinked content that you can find such as password files, user accounts and developer portals that provide easy access. You … Read more