Researchers at Microsoft have uncovered a new technique used by threat actors to control PHP-based web shells on Linux servers, leveraging HTTP cookies as a control channel to achieve remote code execution.
This approach lets attackers evade detection methods that inspect URL parameters or request bodies, because the web shells do not expose command execution through either of those channels.
Instead, the web shells rely on values supplied by the threat actor through HTTP cookies to gate execution, making them more difficult to detect.
The use of HTTP cookies as a control channel is a significant shift in the tactics, techniques, and procedures (TTPs) of threat actors, and organizations should be aware of this new threat to Linux servers.
To mitigate this threat, organizations should monitor their Linux servers for suspicious HTTP cookie activity and implement additional security measures, such as regular security audits and penetration testing.
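As an added illustration of the detection side (this is example code written for this page, not Microsoft's tooling or any code from the original article), the following Python script scans PHP source for the pattern described above: a cookie value that gates execution, and a cookie value that reaches a code- or command-execution function. The two PHP files embedded as strings are constructed fixtures, the sink and source lists are assumptions of the example, and the matching is a line-oriented heuristic rather than a PHP parser.

```python
import re
from typing import List, Tuple

# Functions that turn a string into code or a shell command (assumed sink list).
DANGEROUS_SINKS = (
    "eval", "assert", "system", "exec", "shell_exec", "passthru",
    "popen", "proc_open", "create_function",
)

SINK_CALL = re.compile(r"\b(" + "|".join(DANGEROUS_SINKS) + r")\s*\(", re.IGNORECASE)
COOKIE_READ = re.compile(r"\$_COOKIE\s*\[")
# "$var = ... $_COOKIE[...]" : $var now carries attacker-controlled data.
ASSIGN_FROM_COOKIE = re.compile(r"(\$\w+)\s*=\s*[^;]*\$_COOKIE\s*\[")
# An if-condition that compares (or hashes) a cookie value: the "gate".
COOKIE_GATE = re.compile(r"\bif\s*\(.*\$_COOKIE\s*\[.*(===?|!==?|strcmp|md5|hash)")

Finding = Tuple[int, str, str, str]  # (line number, kind, detail, source line)


def find_cookie_gated_sinks(php_source: str) -> List[Finding]:
    """Report cookie-based gates and dangerous calls fed by cookie data.

    A sink is flagged when $_COOKIE appears directly in its arguments or when
    a variable previously assigned from $_COOKIE appears there. Variables are
    tracked per file without scope analysis, so treat hits as leads to review.
    """
    tainted = set()
    findings: List[Finding] = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if COOKIE_GATE.search(line):
            findings.append((lineno, "gate", "cookie compared in if()", line.strip()))
        for m in ASSIGN_FROM_COOKIE.finditer(line):
            tainted.add(m.group(1))
        for m in SINK_CALL.finditer(line):
            sink = m.group(1).lower()
            args = line[m.end():]
            direct = bool(COOKIE_READ.search(args))
            via_var = any(re.search(re.escape(v) + r"(?!\w)", args) for v in tainted)
            if direct or via_var:
                findings.append((lineno, "sink", sink, line.strip()))
    return findings


# Constructed benign sample: the cookie only selects a UI language.
BENIGN_PHP = """<?php
$lang = isset($_COOKIE['lang']) ? $_COOKIE['lang'] : 'en';
$allowed = ['en', 'de', 'fr'];
if (!in_array($lang, $allowed, true)) { $lang = 'en'; }
echo "Language: " . htmlspecialchars($lang);
"""

# Constructed detection fixture shaped like the pattern the article describes:
# one cookie gates execution, another carries the code; nothing is read from
# the URL or the request body.
SUSPICIOUS_PHP = """<?php
if (isset($_COOKIE['auth']) && $_COOKIE['auth'] === 'expected-token') {
    $cmd = $_COOKIE['payload'];
    eval($cmd);
}
"""


def scan(name: str, source: str) -> int:
    """Print findings for one file and return how many there were."""
    findings = find_cookie_gated_sinks(source)
    for lineno, kind, detail, line in findings:
        print(f"{name}:{lineno}: {kind} ({detail}): {line}")
    return len(findings)


if __name__ == "__main__":
    for fname, src in (("benign.php", BENIGN_PHP), ("suspicious.php", SUSPICIOUS_PHP)):
        print(f"{fname}: {scan(fname, src)} finding(s)")
```

Because a default web-server access log records the request line but not the Cookie header, a scan like this complements, rather than replaces, request-level monitoring; if cookie values are to be inspected at the log layer, the log format has to include them explicitly (for example `%{Cookie}i` in an Apache LogFormat or `$http_cookie` in an nginx log_format).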
Source: Original Article
