Sandworm: Web Shell Emulation
Offered By: Pluralsight
Course Description
Overview
Discover how Advanced Persistent Threat (APT) Actors such as Sandworm deploy web shells on vulnerable web applications for remote code execution, file upload, persistent access, and more.
During the 2015 Ukraine Electric Power Attack, Sandworm Team used BlackEnergy to communicate between compromised hosts and their command-and-control servers via HTTP post requests. Adversaries often communicate with their targets using application layer protocols associated with web traffic. This avoids detection by blending in with existing traffic because commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP(S)] that carry web traffic are very common in most environments and the packets using these protocols have many fields and headers in which data can be hidden. In this course, Sandworm Team: T1505.003 Server Software Component Web Shell Emulation, you’ll learn how APTs take advantage of common web protocols to establish complex command and control networks to maintain persistence and to remain stealthy.
During the 2015 Ukraine Electric Power Attack, Sandworm Team used BlackEnergy to communicate between compromised hosts and their command-and-control servers via HTTP post requests. Adversaries often communicate with their targets using application layer protocols associated with web traffic. This avoids detection by blending in with existing traffic because commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. Protocols such as HTTP(S)] that carry web traffic are very common in most environments and the packets using these protocols have many fields and headers in which data can be hidden. In this course, Sandworm Team: T1505.003 Server Software Component Web Shell Emulation, you’ll learn how APTs take advantage of common web protocols to establish complex command and control networks to maintain persistence and to remain stealthy.
Syllabus
- Sandworm: Web Shells 6mins
Taught by
Matthew Lloyd Davies
Related Courses
Real-Time Cyber Threat Detection and MitigationNew York University (NYU) via Coursera Ciberseguridad: ataques y contramedidas
Universidad Rey Juan Carlos via Independent Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Cyber Security Advanced Persistent Threat Defender Preview
Udemy Threat Intelligence: Cyber Threats and Kill Chain Methodology
Pluralsight