Discover how Advanced Persistent Threat (APT) Actors such as Sandworm use Web application protocols to establish command and control with victim environments.
During the 2022 Ukraine Electric Power Attack, the Sandworm Team deployed the Neo-REGEORG web shell on an internet-facing server. Web shells provide persistent remote access, facilitate privilege escalation, enable pivoting, and allow attackers to launch further attacks. They exploit various web vulnerabilities, including the use of dangerous PHP functions, inadequate user input sanitization, and the failure to implement file type allow listing. In the course Sandworm: C2 over HTTP Emulation, you will learn how advanced persistent threats (APTs) exploit these vulnerabilities to deploy web shells and gain full control of victim systems.
During the 2022 Ukraine Electric Power Attack, the Sandworm Team deployed the Neo-REGEORG web shell on an internet-facing server. Web shells provide persistent remote access, facilitate privilege escalation, enable pivoting, and allow attackers to launch further attacks. They exploit various web vulnerabilities, including the use of dangerous PHP functions, inadequate user input sanitization, and the failure to implement file type allow listing. In the course Sandworm: C2 over HTTP Emulation, you will learn how advanced persistent threats (APTs) exploit these vulnerabilities to deploy web shells and gain full control of victim systems.
