🗓️ 15 July 2016
⏱️ 5 minutes
0:00.0 | Hello, welcome to the Friday, July 15th, 2016 edition of the SANS Internet Storm Center's StormCast. |
0:07.7 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
0:12.1 | Xavier today wrote about web shells and how they evolved and what great features you find today in web shells. |
0:20.7 | Now, web shells are typically uploaded by an attacker that tries to get persistent access to a web server, |
0:27.6 | typically via a web application vulnerability. |
0:30.6 | So the attacker would find a way to upload a file to the server, and then they would upload one of these web shells in order to then |
0:40.3 | have an easier time executing arbitrary commands, and as Xavier shows with his screenshots, |
0:47.3 | these web shells are quite sophisticated and make it pretty easy then to take over a server. |
0:55.7 | And apparently in India, the large ISP Airtel has started intercepting traffic for the Pirate Bay. |
1:03.6 | Now, Pirate Bay does use Cloudflare as their proxy service. |
1:10.4 | So if you are connecting to the Pirate Bay, you're doing so via servers that are operated by Cloudflare. |
1:17.6 | And apparently Airtel did intercept all traffic to these servers. |
1:22.6 | Initially, it was a little bit suspect because the Pirate Bay does offer HTTP, but it does appear that only the |
1:29.6 | HTTP copy of the traffic is being intercepted. And this is exactly the reason why you do need, |
1:37.2 | for example, strict transport security that advertises your site as HTTP only. And of course, you need to implement key pinning in order to prevent these kinds of attacks from succeeding. |
1:51.0 | Now, there hasn't been a clear statement as to why they started all of a sudden blocking the Pirate Bay, but of course the Pirate Bay has been in the crosshairs of various anti-piracy groups for a while, |
2:03.7 | so it's not a big surprise. |
2:05.8 | And in India, many sites have been blocked in the past without really explaining why. |
2:13.4 | In this particular case, if you're trying to go to thepiratebay.org from one of the ISPs that routes via Airtel, you would just see an empty page with a quick note that access to the site has been blocked. |
2:28.0 | And since I yesterday talked about vulnerabilities in Drupal plugins, it's only fair that I mention today's WordPress plugin problem. It |
2:37.8 | affects the SEO pack plugin, that's the search engine optimization pack |
2:43.6 | plugin. It does manifest itself in a persistent cross-site scripting attack |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.