Tonight, I was invited by the OWASP Belgium Chapter (thank you again!) to present “something”. When I accepted the invitation, I did not really have an idea, so I decided to compile the findings from my research about webshells. They are common tools used by bad guys: once they have compromised a server, they often install a webshell, which is a kind of toolbox or a RAT (“Remote Access Tool”). It’s very interesting to analyze how such interfaces are protected from unauthorized access but also the mistakes that are present in their code. This is a very first version and more will come soon!
My slides are available on slideshare.net: