Good image, hope it could be useful for u.

And then, four points you need to pay a little attention:

Traffic monitor

• ”CaiDao” ‘s payload are all in request body.
• “Weevely“‘s payload are all in cookie and spreate to make up again.

File moitor

• Always include system method
• Encrypt is very common

Attack origin

• Tor network , proxy server is the common attack origin.
• Night is the high frequency time
• Someone do batch scan at night, unexpectedly it work.

Attack method

• Web leak and config issue occupy more.
• One sentence Webshell and rebound shell occupy more.

Finally :

Created with Rapha?l 2.1.0 Threat Intelligence Threat Intelligence Webshell Monitor Webshell Monitor Defender website Defender website Sirp Sirp Attacker feature webshell feature . Analyze system leak Emergency measures Community data Leak database

總結

以上是生活随笔為你收集整理的WebShell and Threat Intelligence的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。