Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
You are here
:
Home
>
Resources
>
Lectures
> Webshells, or how to open your network's doors ?
Search
:
Services
Skills & Expertise
Consulting
ISO 27001 services
Vulnerabilities monitoring
Audit & Assessment
Penetration tests
Vunerability assessment (TSAR)
Forensics
Training courses
E-learning
Conferences
Agenda
Past events
Tutorials
Resources
Thematic index
Tips
Lectures
Courses
Articles
Tools (download)
Vulnerability watch
Company
Hervé Schauer
Job opportunities
Credentials
History
Partnerships
Associations
Press and
communication
HSC Newsletter
Press review
Press releases
Publications
Contacts
How to reach us
Specific inquiries
Directions to our office
Hotels near our office
Webshells, or how to open your network's doors ?
Access to the content
Beginning of the presentation
PDF version
[720 KB]
Adobe Flash version
Description
This presentation aimed to introduce webshells, features which they can offer during an intrusion and different means to prevent this threat.
Context & Dates
Talk presented during the JSSI 2010, on 16 March 2010.
Author
Renaud Dubourguais
Type
[
-
]
Abstract &
Table of content
Flyleaf
Retours d'expérience (1/2)
Retours d'expérience (2/2)
Impacts de ces vulnérabilités
Webshell ? (1/2)
Webshell ? (2/2)
Un webshell en image ...
Déploiement d'un webshell (1/2)
Déploiement d'un webshell (2/2)
Prise de contrôle du serveur web (1/4)
Prise de contrôle du serveur web (2/4)
Prise de contrôle du serveur web (3/4)
Prise de contrôle du serveur web (4/4)
Reconnaissance du réseau interne (1/2)
Reconnaissance du réseau interne (2/2)
Rebond au sein du SI (1/3)
Rebond au sein du SI (2/3)
Rebond au sein du SI (3/3)
Comment s'en prémunir ?
Les modes de sécurité (1/2)
Les modes de sécurité (2/2)
Quelques pistes ...
Conclusion (1/3)
Conclusion (2/3)
Conclusion (3/3)
Questions ?
Related documents
Penetration tests
Vunerability assessment (TSAR)
Penetration tests
Ethical and Practical Hacking
passe-partout tool
[In-memory extraction of SSL private keys -
]
Webshells, real threat for information systems ?
[1 December 2009 -
]
Web Attacks with Smartphone
[4 June 2009 -
]
Security issue seen in enterprises web applications
[27 November 2008 -
]
Feedback on security audits
[1 April 2008 -
]
WSPP tool
[WSPP -
]
Modern techniques of IP attacks
[18 March 2003 -
]
Audits, Assessments and Penetration Tests
[22 January 2003 -
]
Audits, Assessments and Penetration Tests
[26 June 2002 -
]
Nmap's hidden option
[27 December 2000 -
]
Introduction to intrusion tests
[17 March 1998 -
]
Tests and evaluation of Internet security solutions
[30 May 1997 -
]
Intrusion tests
[December 1996 -
]
Web
Web Servers and applications Security
JBoss AS: exploitation and reassure
[11 June 2010 -
]
Webshells, real threat for information systems ?
[1 December 2009 -
]
Security issue seen in enterprises web applications
[27 November 2008 -
]
Application security
[23 October 2008 -
]
Feedback from PHP applications assessment
[21 November 2007 -
]
Evolution of Cross-Site Request Forgery Attacks
[1 June 2007 -
]
Encrypting hostile Web content over HTTP
[31 May 2007 -
]
Web 2.0 : more ergonomic... and less secure ?
[22 May 2007 -
]
Configuring and using modsecurity2
[24 April 2007 -
]
Presentation of Apache ModSecurity module
[14 June 2006 -
]
Database and ERP security
[15 June 2005 -
]
SSL VPN connection multiplexing techniques
[7 April 2005 -
]
PHP and security
[27 November 2003 -
]
Web Services and Security
[10 September 2003 -
]
HTTP/HTTPS authentication methods
[10 March 2003 -
]
The cross-site scripting
[27 February 2003 -
]
DBMS and security
[1 April 2002 -
]
Apache and web servers security
[1 February 2002 -
]
Implementing filtering on a reverse HTTP proxy using mod_eaccess
[3 September 2001 -
]
Subweb tool
[HTTP reverse proxy -
]
Babelweb tool
[Automatic information retrieving from of a web server -
]
Universal CGI wrapper
[5 August 2001 -
]
Why HTTPS is not web security
[7 May 2001 -
]
Filtering URLs in a reverse proxy
[5 May 2001 -
]
Hacking web servers
[14 March 2001 -
]
Why a reverse proxy
[13 February 2001 -
]
Apache as a reverse proxy
[11 November 2000 -
]
Secure internet services (email, DNS, web) under Linux
[26 September 2000 -
]
Secure internet services (email, DNS, web) under Linux
[26 April 2000 -
]
Secure Internet services (email, DNS, web) under Linux
[1 February 2000 -
]
Netscape
[16 January 1996 -
]
Internet
Internet/intranet Security
Webshells, real threat for information systems ?
[1 December 2009 -
]
Deperimetrization or not ?
[22 November 2007 -
]
Evolution of Cross-Site Request Forgery Attacks
[1 June 2007 -
]
DOS on Internet infrastructure
[4 November 2003 -
]
HTTP/HTTPS authentication methods
[10 March 2003 -
]
Internet Familial by SmartValley
[29 June 2000 -
]
SIAM et l'Internet
[25 April 1996 -
]
KBT
[5 February 1996 -
]
La stratégie de France Télécom
[10 January 1996 -
]
Telekom On Line
[4 January 1996 -
]
Droit et l'Internet
[4 December 1995 -
]
Les décisions françaises concernant les projets sur les Autoroutes de l'Information
[23 October 1995 -
]
How to build a secure Internet access architecture?
[October 1995 -
]
Wanadoo
[6 July 1995 -
]
L'Homme Symbiotique
[18 April 1995 -
]
Copyright
© 2010, Hervé Schauer Consultants, all rights reserved.
Last modified on 23 Mars 2010 at 14:36:58 CET - webmaster@hsc.fr
Information on this server
- © 1989-2010 Hervé Schauer Consultants
-
![[Service]](/gif/icone.services.png){kind=small}
![[Course]](/gif/icone.formations.png){kind=small}
![[Tool]](/gif/icone.outils.png){kind=small}
]
![[Presentation]](/gif/icone.supports.png){kind=small}
![[Tip]](/gif/icone.breves.png){kind=small}
]
![[Techno-watch]](/gif/icone.veille.png){kind=small}
![[Article]](/gif/icone.articles.png){kind=small}