Detecting Web Shells
Premium roomExplore web shell detection by analyzing logs, file systems, and network traffic.
easy
To access material, start machines and answer questions login.
Knowing how to detect web shells is an essential skill for Analysts and Incident Responders. Web shells are a common technique attackers use to gain an initial foothold on target systems. They provide remote access, enabling various actions later in the attack chain. In this room, we will begin by refreshing our understanding of web shells, then dive into detection techniques using a variety of logs and tools.
Learning Objectives
- Understand what web shells are and how attackers use them
- Detect web shell activity through log, , and network analysis
- Understand common tooling in web shell detection
Room Prerequisites
A basic understanding of the topics below will be helpful during this walkthrough.
- Web Application Basics: Request Methods & Responses
- Intro to Log Analysis: Common Log Formats
- : Initial Access & Tactics
I understand the learning objectives and am ready to embark on a web shell adventure.
Ready to learn Cyber Security?
The Detecting Web Shells room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in