René's URL Explorer Experiment


Title: GitHub - nsacyber/Mitigating-Web-Shells: Guidance for mitigation web shells. #nsacyber

Description: Guidance for mitigation web shells. #nsacyber. Contribute to nsacyber/Mitigating-Web-Shells development by creating an account on GitHub.

Opengraph URL: https://github.com/nsacyber/Mitigating-Web-Shells

X: @github

Domain: patch-diff.githubusercontent.com


Links:

nsacyber https://patch-diff.githubusercontent.com/nsacyber
Mitigating-Web-Shellshttps://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells
View license https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/LICENSE.md
982 stars https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/stargazers
207 forks https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/forks
Branches https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/branches
Tags https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/tags
Activity https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/activity
Code https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells
Issues 2 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/issues
Pull requests 2 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/pulls
Projects 0 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/projects
Security 0 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/security
Insights https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/pulse
66 Commits https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/commits/master/
CONTRIBUTING.md https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/CONTRIBUTING.md
DISCLAIMER.md https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/DISCLAIMER.md
LICENSE.md https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/LICENSE.md
LogCheck.ps1 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/LogCheck.ps1
LogCheck.py https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/LogCheck.py
README.md https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/README.md
anomolous_uris.splunk.txt https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/anomolous_uris.splunk.txt
core.webshell_detection.yara https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/core.webshell_detection.yara
core.yara.bin https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/core.yara.bin
dirChecker.ps1 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/dirChecker.ps1
extended.webshell_detection.yara https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/extended.webshell_detection.yara
extended.yara.bin https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/extended.yara.bin
hips_file_integrity_rules.txt https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/hips_file_integrity_rules.txt
network_signatures.snort.txt https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/network_signatures.snort.txt
NSA https://www.nsa.gov/
ASD https://www.asd.gov.au
Detect and Prevent Web Shell Malware https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF
NSA press release https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2159419/detect-prevent-cyber-attackers-from-exploiting-web-servers-via-web-shell-malware/
ASD press release https://www.cyber.gov.au/advice/detect-and-prevent-web-shell-malware
Mitigating Web Shells https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#mitigating-web-shells
Background https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#background
Detecting/Blocking Web Shells https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-blocking-web-shells
"Known-Good" file comparison https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#known-good-file-comparison
WinDiff Application https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#windiff-application
PowerShell utility for known-good comparison https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#powershell-utility-for-known-good-comparison
Linux Diff utility for known-good comparison https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#linux-diff-utility-for-known-good-comparison
Detecting anomalous requests in web server logs https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-anomalous-requests-in-web-server-logs
Splunk queries for web server logs https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#splunk-queries-for-web-server-logs
PowerShell script for Microsoft IIS logs https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#powershell-script-for-microsoft-iis-logs
Python script for Apache httpd logs https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#python-script-for-apache-httpd-logs
Detecting host artifacts of common web shells https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-host-artifacts-of-common-web-shells
YARA rules for detecting common web shells https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#yara-rules-for-detecting-common-web-shells
Detecting network artifacts of common web shell malware https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-network-artifacts-of-common-web-shell-malware
Network signatures for common web shell malware https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#network-signatures-for-common-web-shell-malware
Detecting unexpected network flows https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-unexpected-network-flows
Snort signatures to detect unexpected network flows https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#snort-signatures-to-detect-unexpected-network-flows
Endpoint Detection and Response (EDR) capabilities https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#endpoint-detection-and-response-edr-capabilities
Detecting Web Shells in Windows with Sysmon https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-web-shells-in-windows-with-sysmon
Detecting Web Shells in Linux with Auditd https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#detecting-web-shells-in-linux-with-auditd
Preventing Web Shells https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#preventing-web-shells
McAfee Host Intrusion Prevention System (HIPS) rules to lock down web directories https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#mcafee-host-intrusion-prevention-system--hips--rules-to-lock-down-web-directories
Related Content https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#related-content
License https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#license
Contributing https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#contributing
Disclaimer https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells#disclaimer
here https://support.microsoft.com/en-us/help/159214/how-to-use-the-windiff-exe-utility
PowerShell script https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/dirChecker.ps1
Splunk queries https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/anomolous_uris.splunk.txt
PowerShell script https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/LogCheck.ps1
here https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/
Python script https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/LogCheck.py
YARA rules https://virustotal.github.io/yara/
YARA scanning tool https://github.com/virustotal/yara/releases/tag/v3.11.0
core https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/core.webshell_detection.yara
compiled core rules https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/core.yara.bin
extended https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/extended.webshell_detection.yara
compiled extended rules https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/extended.yara.bin
Snort signatures https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/network_signatures.snort.txt
obtained from Microsoft https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
McAfee Host Intrusion Prevention System rules https://github.com/nsacyber/Mitigating-Web-Shells/blob/master/hips_file_integrity_rules.txt
NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/
CSA: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
NSA CISA, FBI, and the UK NCSC further expose Russian Intelligence Cyber Tactics https://www.nsa.gov/news-features/press-room/Article/2599239/nsa-cisa-fbi-and-the-uk-ncsc-further-expose-russian-intelligence-cyber-tactics/
CSA: Further TTPs associated with SVR cyber actors https://media.defense.gov/2021/May/07/2002637232/-1/-1/0/ADVISORY%20FURTHER%20TTPS%20ASSOCIATED%20WITH%20SVR%20CYBER%20ACTORS.PDF
CSA: Russian SVR Targets U.S. and Allied Networks https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF
LICENSE https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/LICENSE.md
CONTRIBUTING https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/CONTRIBUTING.md
DISCLAIMER https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/blob/master/DISCLAIMER.md
guidance https://patch-diff.githubusercontent.com/topics/guidance
webshell https://patch-diff.githubusercontent.com/topics/webshell
mitigation https://patch-diff.githubusercontent.com/topics/mitigation
webshells https://patch-diff.githubusercontent.com/topics/webshells
Custom properties https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/custom-properties
56 watching https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/watchers
Releases https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/releases
Packages 0 https://patch-diff.githubusercontent.com/orgs/nsacyber/packages?repo_name=Mitigating-Web-Shells
Contributors 10 https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/graphs/contributors
YARA 77.1% https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/search?l=yara
Python 13.8% https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/search?l=python
PowerShell 9.1% https://patch-diff.githubusercontent.com/nsacyber/Mitigating-Web-Shells/search?l=powershell