Agathoklis Prodromou, Author at Acunetix

An Introduction to Web Shells (Web Shells Part 1)

Agathoklis Prodromou — Thu, 16 Apr 2020 06:00:24 +0000

A web shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web shell itself cannot attack or exploit a remote vulnerability, so it is always the second step of...

The post An Introduction to Web Shells (Web Shells Part 1) appeared first on Acunetix.

Web Shells 101 Using PHP (Web Shells Part 2)

Agathoklis Prodromou — Tue, 14 Apr 2020 08:03:09 +0000

In part 1 of this series, we looked at what a web shell is and why an attacker would seek to use one. In part 2 of this series, we’ll be looking at some specific examples of web shells developed using the PHP programming language....

The post Web Shells 101 Using PHP (Web Shells Part 2) appeared first on Acunetix.

Keeping Web Shells Under Cover (Web Shells Part 3)

Agathoklis Prodromou — Tue, 14 Apr 2020 08:02:11 +0000

In part 2 of this series, we looked at specific examples of web shells in the PHP programming language. In part 3 of this series, we’ll be looking at some techniques that attackers use to keep web shells hidden. Commands can be sent to the...

The post Keeping Web Shells Under Cover (Web Shells Part 3) appeared first on Acunetix.

Web Shells in Action (Web Shells Part 4)

Agathoklis Prodromou — Tue, 14 Apr 2020 08:01:06 +0000

In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight...

The post Web Shells in Action (Web Shells Part 4) appeared first on Acunetix.

Web Shell Detection and Prevention (Web Shells Part 5)

Agathoklis Prodromou — Tue, 14 Apr 2020 08:00:26 +0000

In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection If an administrator suspects that a...

The post Web Shell Detection and Prevention (Web Shells Part 5) appeared first on Acunetix.

Using Logs to Investigate – SQL Injection Attack Example

Agathoklis Prodromou — Thu, 03 Oct 2019 07:00:17 +0000

A log file is an extremely valuable piece of information that is provided by a server. Almost all servers, services, and applications provide some sort of logging. A log file records events and actions that take place during the run time of a service or...

The post Using Logs to Investigate – SQL Injection Attack Example appeared first on Acunetix.

TLS Security 1: What Is SSL/TLS

Agathoklis Prodromou — Wed, 03 Apr 2019 07:30:45 +0000

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security protocols. They are used to make sure that network communication is secure. Their main goals are to provide data integrity and communication privacy. The SSL protocol was the first protocol designed for this...

The post TLS Security 1: What Is SSL/TLS appeared first on Acunetix.

TLS Security 5: Establishing a TLS Connection

Agathoklis Prodromou — Sun, 31 Mar 2019 11:39:54 +0000

The process of establishing a secure SSL/TLS connection involves several steps. SSL/TLS security protocols use a combination of asymmetric and symmetric encryption. The client and the server must negotiate the algorithms used and exchange key information. For the purpose of explaining this complex process, we...

The post TLS Security 5: Establishing a TLS Connection appeared first on Acunetix.

TLS Security 4: SSL/TLS Certificates

Agathoklis Prodromou — Sun, 31 Mar 2019 10:14:35 +0000

When you communicate securely with a third party using data encryption, you usually want to be sure that they are who they say they are. For example, when you use an online bank or an e-commerce site and you send sensitive information, you want to...

The post TLS Security 4: SSL/TLS Certificates appeared first on Acunetix.