Hervé Schauer Consultants
Webshells, real threat for information systems ?
> Access to the content: HTML (beginning of the presentation), PDF version [657 KB], Adobe Flash version
> Description: This talk aimed to describe what webshells make possible once deployed on a Web server, and the means to protect an information system against this threat.
> Context & Dates: Talk presented during the GS-Days 2009, on 1 December 2009.

> Author: Renaud Dubourguais
> Type: [ French - HTML ]
> Abstract & Table of contents
Flyleaf
Setting the scene
Feedback from HSC's experience
Impacts of these vulnerabilities
Webshell?
A webshell in pictures...
Deploying a webshell
Taking control of the Web server
Taking control of the Web server (1/3)
Taking control of the Web server (2/3)
Taking control of the Web server (3/3)
Internal network reconnaissance
Pivoting within the information system
Pivoting within the information system (1/2)
Pivoting within the information system (2/2)
How to protect against it?
Security modes (1/2)
Security modes (2/2)
A few leads...
Conclusion
Questions?
> Related documents
Theme: HTTP (HyperText Transfer Protocol)
[Article]  Évolution des attaques de type Cross Site Request Forgery [1 June 2007 - French]
[Presentation]  Encrypting hostile Web content over HTTP [31 May 2007 - French]
[Tip]  Configuring and using modsecurity2 [24 April 2007 - French]
[Tip]  Presentation of Apache ModSecurity module [14 June 2006 - French]
[Presentation]  Tunnels detection at network border [2 June 2006 - French]
[Article]  Détection de tunnels aux limites du périmètre [2 June 2006 - French]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Tool]  Subweb tool [HTTP reverse proxy - English]
[Presentation]  Prospects and drawbacks of the new HTTP versions [24 October 1996 - French]
[Presentation]  HTTP/1.1 [6 June 1996 - French]
[Presentation]  Using HTTP/1.1 for building a security proxy [19 March 1996 - French]
Theme: Internet
[Course]  Internet/intranet Security
[Presentation]  Webshells, or how to open your network's doors ? [21 October 2010 - French]
[Presentation]  Webshells, or how to open your network's doors ? [16 March 2010 - French]
[Presentation]  Deperimetrization or not ? [22 November 2007 - French]
[Presentation]  Evolution of Cross-Site Request Forgery Attacks [1 June 2007 - French]
[Presentation]  DOS on Internet infrastructure [4 November 2003 - French]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Techno-watch]  Internet Familial by SmartValley [29 June 2000 - French]
[Techno-watch]  SIAM et l'Internet [25 April 1996 - French]
[Techno-watch]  KBT [5 February 1996 - English]
[Techno-watch]  La stratégie de France Télécom [10 January 1996 - French]
[Techno-watch]  Telekom On Line [4 January 1996 - French]
[Techno-watch]  Droit et l'Internet [4 December 1995 - French]
[Techno-watch]  Les décisions françaises concernant les projets sur les Autoroutes de l'Information [23 October 1995 - French]
[Article]  How to build a secure Internet access architecture? [October 1995 - French]
[Techno-watch]  Wanadoo [6 July 1995 - French]
[Techno-watch]  L'Homme Symbiotique [18 April 1995 - French]
Theme: Reverse proxy
[Presentation]  Encrypting hostile Web content over HTTP [31 May 2007 - French]
[Tip]  Configuring and using modsecurity2 [24 April 2007 - French]
[Tip]  Presentation of Apache ModSecurity module [14 June 2006 - French]
[Tip]  Implementing filtering on a reverse HTTP proxy using mod_eaccess [3 September 2001 - French]
[Tip]  Filtering URLs in a reverse proxy [5 May 2001 - French]
[Tip]  Why a reverse proxy [13 February 2001 - French]
[Tip]  Apache as a reverse proxy [11 November 2000 - French]
Theme: Web
[Course]  Web Servers and applications Security
[Presentation]  Webshells, or how to open your network's doors ? [21 October 2010 - French]
[Presentation]  JBoss AS: exploitation and reassure [11 June 2010 - French]
[Presentation]  Webshells, or how to open your network's doors ? [16 March 2010 - French]
[Presentation]  Security issue seen in enterprises web applications [27 November 2008 - French]
[Presentation]  Application security [23 October 2008 - French]
[Presentation]  Feedback from PHP applications assessment [21 November 2007 - French]
[Presentation]  Evolution of Cross-Site Request Forgery Attacks [1 June 2007 - French]
[Presentation]  Encrypting hostile Web content over HTTP [31 May 2007 - French]
[Presentation]  Web 2.0 : more ergonomic... and less secure ? [22 May 2007 - French]
[Tip]  Configuring and using modsecurity2 [24 April 2007 - French]
[Tip]  Presentation of Apache ModSecurity module [14 June 2006 - French]
[Presentation]  Database and ERP security [15 June 2005 - French]
[Presentation]  SSL VPN connection multiplexing techniques [7 April 2005 - English]
[Presentation]  PHP and security [27 November 2003 - French]
[Presentation]  Web Services and Security [10 September 2003 - French]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Presentation]  The cross-site scripting [27 February 2003 - French]
[Presentation]  DBMS and security [1 April 2002 - French]
[Presentation]  Apache and web servers security [1 February 2002 - French]
[Tip]  Implementing filtering on a reverse HTTP proxy using mod_eaccess [3 September 2001 - French]
[Tool]  Subweb tool [HTTP reverse proxy - English]
[Tool]  Babelweb tool [Automatic information retrieval from a web server - English]
[Tip]  Universal CGI wrapper [5 August 2001 - French]
[Tip]  Why HTTPS is not web security [7 May 2001 - English]
[Tip]  Filtering URLs in a reverse proxy [5 May 2001 - French]
[Presentation]  Hacking web servers [14 March 2001 - French]
[Tip]  Why a reverse proxy [13 February 2001 - French]
[Tip]  Apache as a reverse proxy [11 November 2000 - French]
[Presentation]  Secure internet services (email, DNS, web) under Linux [26 September 2000 - English]
[Presentation]  Secure internet services (email, DNS, web) under Linux [26 April 2000 - French/English]
[Presentation]  Secure Internet services (email, DNS, web) under Linux [1 February 2000 - French]
[Techno-watch]  Netscape [16 January 1996 - French]
Theme: Penetration tests
[Service]  Vulnerability assessment (TSAR)
[Service]  Penetration tests
[Course]  Ethical and Practical Hacking
[Presentation]  Webshells, or how to open your network's doors ? [21 October 2010 - French]
[Tool]  passe-partout tool [In-memory extraction of SSL private keys - English]
[Presentation]  Webshells, or how to open your network's doors ? [16 March 2010 - French]
[Presentation]  Web Attacks with Smartphone [4 June 2009 - French]
[Presentation]  Security issue seen in enterprises web applications [27 November 2008 - French]
[Presentation]  Feedback on security audits [1 April 2008 - French]
[Tool]  WSPP tool [WSPP - English]
[Presentation]  Modern techniques of IP attacks [18 March 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [22 January 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [26 June 2002 - French]
[Tip]  Nmap's hidden option [27 December 2000 - French]
[Presentation]  Introduction to intrusion tests [17 March 1998 - French]
[Presentation]  Tests and evaluation of Internet security solutions [30 May 1997 - French]
[Presentation]  Intrusion tests [December 1996 - French]
Theme: Apache
[Tip]  Configuring and using modsecurity2 [24 April 2007 - French]
[Tip]  Presentation of Apache ModSecurity module [14 June 2006 - French]
[Tip]  Apache and module management [17 October 2003 - ]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Presentation]  Apache and web servers security [1 February 2002 - French]
[Tip]  Apache: Virtual hosts and SSL (mod_ssl) [21 December 2001 - French]
[Tip]  Apache as a reverse proxy [11 November 2000 - French]
> Copyright © 2009, Hervé Schauer Consultants, all rights reserved.

 

Last modified on 8 December 2009 at 20:41:44 CET - webmaster@hsc.fr