Mitigating-Web-Shells icon indicating copy to clipboard operation
Mitigating-Web-Shells copied to clipboard

verified publisher icon nsacyber

Metadata

Guidance for mitigation web shells. #nsacyber

Results 4 Mitigating-Web-Shells issues
Sort by recently updated
recently updated
newest added

Doesn't work for a large file?

LogCheck.py Traceback (most recent call last): File "LogCheck.py.2", line 111, in analyze_weblog(weblogfileName) File "LogCheck.py.2", line 40, in analyze_weblog user_agent = row[apachelogsfields.index('user_agent')] IndexError: list index out of range Logfile : wc...

mauser8004 avatar mauser8004

Add more webshell YARA rules

1 comment

From https://github.com/ruppde/yara_rules#webshells

ruppde avatar ruppde

Fixed broken link to NSA Article

Old link lead to broken page. ``` {0}404 Not FoundThe requested Url does not return any valid content.AdministratorsChange this message by configuring a specific 404 Error Page or Url for...

The-Real-Thisas avatar The-Real-Thisas

Typo - Powershell Sysmon

https://github.com/nsacyber/Mitigating-Web-Shells#powershell-script-to-identify-sysmon-entries-for-iis Please fix typo: Get-WinEvent -FilterHashtable @{logname="**Micorosft**-Windows-Sysmon/Operational";id=1;} | Where {$_.message -like "*ParentImage: C:\Windows\System32\inetsrv\w3wp.exe*"} | %{$_.properties[4]} | Sort-Object -Property value -Unique Corrected (Microsoft) Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Sysmon/Operational";id=1;} | Where {$_.message -like "*ParentImage:...

danfoxley avatar danfoxley

Metadata

950
Stars
197
Forks
Watchers

Owner

verified publisher icon nsacyber

Metadata

Guidance for mitigation web shells. #nsacyber

Back