Closing the Door on Web Shells
- Anuj Soni
- Sunday, March 9th, 7:00pm - 8:00pm
While many attackers install malware on end-user workstations to accomplish their goals, external-facing servers continue to be prime targets of attack. In many of these cases, web shell backdoors are utilized by the adversary to download/upload files, execute arbitrary commands, and access back-end databases and other resources. Web shells are often heavily customized and obfuscated to evade detection. They may be only several lines of code, and they can be deployed on a variety of platforms. Every incident responder should be familiar with this dangerous category of malware so it is not overlooked during an investigation. This talk will discuss how web shells work, dive deep into several specimens, discuss approaches to detect related activity, and touch on some best practices to reduce the likelihood of seeing them on your systems.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Lunch & Learn: Short presentations given during the lunch break.
- Welcome to SANS
  - Wednesday, March 5th, 8:15am - 8:45am
- DFIReception - Forensicators Unite!
  - Wednesday, March 5th, 6:00pm - 7:00pm
- Keynote: Have no fear - DFIR is here!
  - Rob Lee, Chad Tilbury, Alissa Torres, Phil Hagen, and Lenny Zeltser
  - Wednesday, March 5th, 7:00pm - 8:30pm
- Lunch and Learn
  - Saturday, March 8th, 12:30pm - 1:15pm