Spinning a Web Shell for Initial Access
Certain threat actors specialize in targeting vulnerable web servers and gain initial access by exploiting public-facing applications. Then they act as access brokers for ransomware gangs. Such campaigns highlight the need to protect against known vulnerabilities. Understanding these techniques is key to protecting your organization.
Campaign Outline
Threat Actor Campaigns consist of multiple MITRE ATT&CK-aligned courses.
Server Software Component: Web Shell
Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.
Exfiltration Over Alternative Protocol and Clear CLI History
Financially motivated adversaries will often steal valuable data and exfiltrate it over an alternate protocol like FTP, SMTP, or HTTP/S. They could also encrypt or obfuscate these alternate channels to protect their nefarious activities. Learn to exfiltrate the attackers by detecting and mitigating these techniques.