Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
> “May you have all the data you need to answer your questions – and may half of
the values be corrupted!”
> - Ancient Yiddish curse
This year, Christmas (and therefore Haxmas) o
2016 has been a big year for information security, as we've seen attacks by both
cybercriminals and state actors increase in size and public awareness, and the
Internet of Things comes into its own as a field of study. But today we'd like
to talk about a very old (but no less dangerous) type of attacker tool – web
shells – and new techniques Rapid7 is developing for identifying them quickly
What is a Web Shell?
Web shells are web-based applications that provide a threat actor wi