Anatomy of a WebShell

Explore the intricacies of WebShells in this 19-minute OWASP Foundation conference talk. Gain insights into the often misunderstood and overlooked form of malware that continues to be a popular and powerful tool for attackers. Discover the range of WebShells from simple to complex designs, and understand their role in establishing long-term, stealthy presence in compromised networks. Learn about the common parts of WebShells, their design principles, and typical usage. Delve into different categories of WebShells, including EVAL, Admin, and Proxy types. Understand the importance of WebShells in cybersecurity and the mechanisms that make them effective. Examine web security vulnerabilities that enable WebShell deployment. Differentiate between trojanized and standalone WebShells, and explore their persistence and stealth techniques. By the end of the talk, acquire the knowledge to identify and detect WebShells, even when dormant and not actively used by intruders.

Intro
Three Different Ones (EVAL)
Three Different Ones (Admin)
Three Different Ones (Proxy)
Why Should We Care
What Makes Them Work
Web Security - Or Lack Thereof
Trojanized or Standalone
Persistence and Stealth
WebShells You'll Know What To Look For...