Hunting Webshells: Tracking TwoFace - Josh Bryant, Robert Falcone Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hunting Webshells: Tracking TwoFace
Josh Bryant, Robert Falcone
Derbycon 2019

Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital. Backdoor implants in the form of webshells and IIS modules on servers are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange server. The presentation will feature real-world examples carried out by an adversary group using web-based backdoors to breach and maintain access to networks of targeted organizations in the Middle East.

Josh Bryant is a Director of Technical Account Management at Tanium where he helps very large enterprise customers gain high speed visibility and control over their endpoints. Robert is a Threat Researcher with Palo Alto Networks' Unit 42 focusing on malware analysis, reverse engineering and tracking advanced threat actors.

@FixTheExchange, @r0bf4lc

    Copyright 2019, IronGeek