Nytro Posted August 5, 2012 Report Posted August 5, 2012 Owasp - Old Webshells, New Tricks With Ryan Kazanciyan, Mandiant Description: The PresentationWeb shells _ malicious scripts that provide an attacker with the ability to upload files, execute commands, conduct reconnaissance, and perform other command-and-control activities on a compromised web server _ are nothing new. They've been in the wild ever since the first web server and application exploits reared their ugly heads over a decade ago. Modern application security and server hardening processes have rendered them all but obsolete tools for desperate script-kiddies, right? Wrong. In this presentation we will discuss how web-based backdoors continue to be leveraged by sophisticated, targeted attackers and the challenges that they pose to forensic analysts conducting large-scale investigations. In particular, we will focus on the usage of web shells as a post-exploitation mechanism for maintaining persistence in an environment _ a backup method of remote access _ rather than a tool utilized in the initial entry vector. We will focus on the forensic artifacts that usage of such malware leaves behind on the host and on the network, and discuss techniques for rapidly identifying unknown web-based malware across servers.The SpeakersRyan KazanciyanRyan Kazanciyan is a Principal Consultant with Mandiant and has ten years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has spent the past four years leading investigation and remediation efforts for highly-targeted attacks affecting organizations in the defense, technology, utilities, government, and financial services sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He also has an extensive background managing and executing large penetration testing and application security assessments.Mr. Kazanciyan has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the federal government, and corporate security groups. He has taught courses on incident response, forensic analysis, penetration testing, and web application security. He has also presented at industry and security conferences including Black Hat, DoD CyberCrime, ShmooCon, Infragard, and ISACA. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Old Webshells, New Tricks with Ryan Kazanciyan, Mandiant on VimeoSursa: Owasp - Old Webshells, New Tricks With Ryan Kazanciyan, Mandiant Quote
